Storage and retrieval of dispersed storage network access information

ABSTRACT

A method includes affiliating an authentication token with user information of a user. The method further includes generating a private/public key pairing associated with the user information. The method further includes applying a share encoding function on a private key of the private/public key pairing to produce a set of encoded shares. The method further includes generating a set of random numbers and generating a set of hidden passwords based on the user information. The method further includes generating a set of encryption keys based on the set of hidden passwords and the set of random numbers. The method further includes encrypting the set of encoded shares utilizing the set of encryption keys to produce a set of encrypted shares. The method further includes outputting the set of encrypted shares to the authentication token for storage therein and outputting the set of random numbers to a set of authenticating units.

CROSS REFERENCE TO RELATED PATENTS

The present U.S. Utility patent application claims priority pursuant to35 U.S.C. § 121 as a divisional of U.S. Utility application Ser. No.13/587,277, entitled “STORAGE AND RETRIEVAL OF DISPERSED STORAGE NETWORKACCESS INFORMATION,” filed Aug. 16, 2012, now issued as U.S. Pat. No.9,229,823 on Jan. 5, 2016, which claims priority pursuant to 35 U.S.C. §119(e) to U.S. Provisional Application No. 61/524,521, entitled“DISTRIBUTED AUTHENTICATION TOKEN DEVICE,” filed Aug. 17, 2011, both ofwhich are hereby incorporated herein by reference in their entirety andmade part of the present U.S. Utility patent application for allpurposes.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

NOT APPLICABLE

INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A COMPACT DISC

NOT APPLICABLE

BACKGROUND OF THE INVENTION Technical Field of the Invention

This invention relates generally to computing systems and moreparticularly to data storage solutions within such computing systems.

Description of Related Art

Computers are known to communicate, process, and store data. Suchcomputers range from wireless smart phones to data centers that supportmillions of web searches, stock trades, or on-line purchases every day.In general, a computing system generates data and/or manipulates datafrom one form into another. For instance, an image sensor of thecomputing system generates raw picture data and, using an imagecompression program (e.g., JPEG, MPEG, etc.), the computing systemmanipulates the raw picture data into a standardized compressed image.

With continued advances in processing speed and communication speed,computers are capable of processing real time multimedia data forapplications ranging from simple voice communications to streaming highdefinition video. As such, general-purpose information appliances arereplacing purpose-built communications devices (e.g., a telephone). Forexample, smart phones can support telephony communications but they arealso capable of text messaging and accessing the internet to performfunctions including email, web browsing, remote applications access, andmedia communications (e.g., telephony voice, image transfer, musicfiles, video files, real time video streaming. etc.).

Each type of computer is constructed and operates in accordance with oneor more communication, processing, and storage standards. As a result ofstandardization and with advances in technology, more and moreinformation content is being converted into digital formats. Forexample, more digital cameras are now being sold than film cameras, thusproducing more digital pictures. As another example, web-basedprogramming is becoming an alternative to over the air televisionbroadcasts and/or cable broadcasts. As further examples, papers, books,video entertainment, home video, etc., are now being stored digitally,which increases the demand on the storage function of computers.

A typical computer storage system includes one or more memory devicesaligned with the needs of the various operational aspects of thecomputer's processing and communication functions. Generally, theimmediacy of access dictates what type of memory device is used. Forexample, random access memory (RAM) memory can be accessed in any randomorder with a constant response time, thus it is typically used for cachememory and main memory. By contrast, memory device technologies thatrequire physical movement such as magnetic disks, tapes, and opticaldiscs, have a variable response time as the physical movement can takelonger than the data transfer, thus they are typically used forsecondary memory (e.g., hard drive, backup memory, etc.).

A computer's storage system will be compliant with one or more computerstorage standards that include, but are not limited to, network filesystem (NFS), flash file system (FFS), disk file system (DFS), smallcomputer system interface (SCSI), internet small computer systeminterface (iSCSI), file transfer protocol (FTP), and web-baseddistributed authoring and versioning (WebDAV). These standards specifythe data storage format (e.g., files, data objects, data blocks,directories, etc.) and interfacing between the computer's processingfunction and its storage system, which is a primary function of thecomputer's memory controller.

Despite the standardization of the computer and its storage system,memory devices fail; especially commercial grade memory devices thatutilize technologies incorporating physical movement (e.g., a discdrive). For example, it is fairly common for a disc drive to routinelysuffer from bit level corruption and to completely fail after threeyears of use. One solution is to utilize a higher-grade disc drive,which adds significant cost to a computer.

Another solution is to utilize multiple levels of redundant disc drivesto replicate the data into two or more copies. One such redundant driveapproach is called redundant array of independent discs (RAID). In aRAID device, a RAID controller adds parity data to the original databefore storing it across the array. The parity data is calculated fromthe original data such that the failure of a disc will not result in theloss of the original data. For example, RAID 5 uses three discs toprotect data from the failure of a single disc. The parity data, andassociated redundancy overhead data, reduces the storage capacity ofthree independent discs by one third (e.g., n−1=capacity). RAID 6 canrecover from a loss of two discs and requires a minimum of four discswith a storage capacity of n−2.

While RAID addresses the memory device failure issue, it is not withoutits own failure issues that affect its effectiveness, efficiency andsecurity. For instance, as more discs are added to the array, theprobability of a disc failure increases, which increases the demand formaintenance. For example, when a disc fails, it needs to be manuallyreplaced before another disc fails and the data stored in the RAIDdevice is lost. To reduce the risk of data loss, data on a RAID deviceis typically copied on to one or more other RAID devices. While thisaddresses the loss of data issue, it raises a security issue sincemultiple copies of data are available, which increases the chances ofunauthorized access. Further, as the amount of data being stored grows,the overhead of RAID devices becomes a non-trivial efficiency issue.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)

FIG. 1 is a schematic block diagram of an embodiment of a computingsystem in accordance with the present invention;

FIG. 2 is a schematic block diagram of an embodiment of a computing corein accordance with the present invention;

FIG. 3 is a schematic block diagram of an embodiment of a distributedstorage processing unit in accordance with the present invention;

FIG. 4 is a schematic block diagram of an embodiment of a grid module inaccordance with the present invention;

FIG. 5 is a diagram of an example embodiment of error coded data slicecreation in accordance with the present invention;

FIG. 6A is a schematic block diagram of an embodiment of an accessinformation storage and retrieval system in accordance with the presentinvention;

FIG. 6B is a schematic block diagram of an embodiment of an accessinformation storage system in accordance with the present invention;

FIG. 7A is a schematic block diagram of another embodiment of an accessinformation storage system in accordance with the present invention;

FIG. 7B is a flowchart illustrating an example of storing accessinformation in accordance with the present invention;

FIG. 8 is a schematic block diagram of an embodiment of an accessinformation retrieval system in accordance with the present invention;

FIG. 9 is a flowchart illustrating an example of retrieving accessinformation in accordance with the present invention;

FIG. 10A is a diagram illustrating an example of an audit object inaccordance with the present invention;

FIG. 10B is a diagram illustrating an example of an audit record inaccordance with the present invention;

FIG. 10C is a flowchart illustrating an example of generating an auditobject in accordance with the present invention;

FIG. 11A is a flowchart illustrating an example of creating a systemaudit trail vault in accordance with the present invention;

FIG. 11B is a flowchart illustrating an example of deleting an auditrecord in accordance with the present invention;

FIG. 12 is a flowchart illustrating an example of generating a storagerequest log record in accordance with the present invention;

FIG. 13 is a flowchart illustrating an example of generating amanagement modification log record in accordance with the presentinvention;

FIG. 14 is a flowchart illustrating an example of transforming an auditrecord in accordance with the present invention;

FIG. 15A is a flow chart illustrating an example of locking access inaccordance with the present invention;

FIG. 15B is a flowchart illustrating an example of unlocking access inaccordance with the present invention;

FIG. 16A is a schematic block diagram of an embodiment of anauthentication system in accordance with the present invention;

FIG. 16B is a schematic block diagram of another embodiment of anauthentication system in accordance with the present invention;

FIG. 16C is a flow chart illustrating an example of generating temporaryaccess rights in accordance with the present invention;

FIG. 16D is a flowchart illustrating an example of acquiring accesscredentials in accordance with the present invention;

FIG. 17A is a schematic block diagram of another embodiment of acomputing system in accordance with the present invention;

FIG. 17B is a schematic block diagram of another embodiment of acomputing system in accordance with the present invention; and

FIG. 17C is a flowchart illustrating an example of detecting intentionalcorruption of data in accordance with the present invention.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 is a schematic block diagram of a computing system 10 thatincludes one or more of a first type of user devices 12, one or more ofa second type of user devices 14, at least one distributed storage (DS)processing unit 16, at least one DS managing unit 18, at least onestorage integrity processing unit 20, and a distributed storage network(DSN) memory 22 coupled via a network 24. The network 24 may include oneor more wireless and/or wire lined communication systems; one or moreprivate intranet systems and/or public internet systems; and/or one ormore local area networks (LAN) and/or wide area networks (WAN).

The DSN memory 22 includes a plurality of distributed storage (DS) units36 for storing data of the system. Each of the DS units 36 includes aprocessing module and memory and may be located at a geographicallydifferent site than the other DS units (e.g., one in Chicago, one inMilwaukee, etc.).

Each of the user devices 12-14, the DS processing unit 16, the DSmanaging unit 18, and the storage integrity processing unit 20 may be aportable computing device (e.g., a social networking device, a gamingdevice, a cell phone, a smart phone, a personal digital assistant, adigital music player, a digital video player, a laptop computer, ahandheld computer, a video game controller, and/or any other portabledevice that includes a computing core) and/or a fixed computing device(e.g., a personal computer, a computer server, a cable set-top box, asatellite receiver, a television set, a printer, a fax machine, homeentertainment equipment, a video game console, and/or any type of homeor office computing equipment). Such a portable or fixed computingdevice includes a computing core 26 and one or more interfaces 30, 32,and/or 33. An embodiment of the computing core 26 will be described withreference to FIG. 2.

With respect to the interfaces, each of the interfaces 30, 32, and 33includes software and/or hardware to support one or more communicationlinks via the network 24 and/or directly. For example, interface 30supports a communication link (wired, wireless, direct, via a LAN, viathe network 24, etc.) between the first type of user device 14 and theDS processing unit 16. As another example, DSN interface 32 supports aplurality of communication links via the network 24 between the DSNmemory 22 and the DS processing unit 16, the first type of user device12, and/or the storage integrity processing unit 20. As yet anotherexample, interface 33 supports a communication link between the DSmanaging unit 18 and any one of the other devices and/or units 12, 14,16, 20, and/or 22 via the network 24.

In general and with respect to data storage, the system 10 supportsthree primary functions: distributed network data storage management,distributed data storage and retrieval, and data storage integrityverification. In accordance with these three primary functions, data canbe distributedly stored in a plurality of physically different locationsand subsequently retrieved in a reliable and secure manner regardless offailures of individual storage devices, failures of network equipment,the duration of storage, the amount of data being stored, attempts athacking the data, etc.

The DS managing unit 18 performs distributed network data storagemanagement functions, which include establishing distributed datastorage parameters, performing network operations, performing networkadministration, and/or performing network maintenance. The DS managingunit 18 establishes the distributed data storage parameters (e.g.,allocation of virtual DSN memory space, distributed storage parameters,security parameters, billing information, user profile information,etc.) for one or more of the user devices 12-14 (e.g., established forindividual devices, established for a user group of devices, establishedfor public access by the user devices, etc.). For example, the DSmanaging unit 18 coordinates the creation of a vault (e.g., a virtualmemory block) within the DSN memory 22 for a user device (for a group ofdevices, or for public access). The DS managing unit 18 also determinesthe distributed data storage parameters for the vault. In particular,the DS managing unit 18 determines a number of slices (e.g., the numberthat a data segment of a data file and/or data block is partitioned intofor distributed storage) and a read threshold value (e.g., the minimumnumber of slices required to reconstruct the data segment).

As another example, the DS managing unit 18 creates and stores, locallyor within the DSN memory 22, user profile information. The user profileinformation includes one or more of authentication information,permissions, and/or the security parameters. The security parameters mayinclude one or more of encryption/decryption scheme, one or moreencryption keys, key generation scheme, and data encoding/decodingscheme.

As yet another example, the DS managing unit 18 creates billinginformation for a particular user, user group, vault access, publicvault access, etc. For instance, the DS managing unit 18 tracks thenumber of times a user accesses a private vault and/or public vaults,which can be used to generate a per-access bill. In another instance,the DS managing unit 18 tracks the amount of data stored and/orretrieved by a user device and/or a user group, which can be used togenerate a per-data-amount bill.

The DS managing unit 18 also performs network operations, networkadministration, and/or network maintenance. As at least part ofperforming the network operations and/or administration, the DS managingunit 18 monitors performance of the devices and/or units of the system10 for potential failures, determines the devices' and/or units'activation status, determines the devices' and/or units' loading, andany other system level operation that affects the performance level ofthe system 10. For example, the DS managing unit 18 receives andaggregates network management alarms, alerts, errors, statusinformation, performance information, and messages from the devices12-14 and/or the units 16, 20, 22. For example, the DS managing unit 18receives a simple network management protocol (SNMP) message regardingthe status of the DS processing unit 16.

The DS managing unit 18 performs the network maintenance by identifyingequipment within the system 10 that needs replacing, upgrading,repairing, and/or expanding. For example, the DS managing unit 18determines that the DSN memory 22 needs more DS units 36 or that one ormore of the DS units 36 needs updating.

The second primary function (i.e., distributed data storage andretrieval) begins and ends with a user device 12-14. For instance, if asecond type of user device 14 has a data file 38 and/or data block 40 tostore in the DSN memory 22, it sends the data file 38 and/or data block40 to the DS processing unit 16 via its interface 30. As will bedescribed in greater detail with reference to FIG. 2, the interface 30functions to mimic a conventional operating system (OS) file systeminterface (e.g., network file system (NFS), flash file system (FFS),disk file system (DFS), file transfer protocol (FTP), web-baseddistributed authoring and versioning (WebDAV), etc.) and/or a blockmemory interface (e.g., small computer system interface (SCSI), internetsmall computer system interface (iSCSI), etc.). In addition, theinterface 30 may attach a user identification code (ID) to the data file38 and/or data block 40.

The DS processing unit 16 receives the data file 38 and/or data block 40via its interface 30 and performs a distributed storage (DS) process 34thereon (e.g., an error coding dispersal storage function). The DSprocessing 34 begins by partitioning the data file 38 and/or data block40 into one or more data segments, which is represented as Y datasegments. For example, the DS processing 34 may partition the data file38 and/or data block 40 into a fixed byte size segment (e.g., 2¹ to2^(n) bytes, where n=>2) or a variable byte size (e.g., change byte sizefrom segment to segment, or from groups of segments to groups ofsegments, etc.).

For each of the Y data segments, the DS processing 34 error encodes(e.g., forward error correction (FEC), information dispersal algorithm,or error correction coding) and slices (or slices then error encodes)the data segment into a plurality of error coded (EC) data slices 42-48,which is represented as X slices per data segment. The number of slices(X) per segment, which corresponds to a number of pillars n, is set inaccordance with the distributed data storage parameters and the errorcoding scheme. For example, if a Reed-Solomon (or other FEC scheme) isused in an n/k system, then a data segment is divided into n slices,where k number of slices is needed to reconstruct the original data(i.e., k is the threshold). As a few specific examples, the n/k factormay be 5/3; 6/4; 8/6; 8/5; 16/10.

For each EC slice 42-48, the DS processing unit 16 creates a uniqueslice name and appends it to the corresponding EC slice 42-48. The slicename includes universal DSN memory addressing routing information (e.g.,virtual memory addresses in the DSN memory 22) and user-specificinformation (e.g., user ID, file name, data block identifier, etc.).

The DS processing unit 16 transmits the plurality of EC slices 42-48 toa plurality of DS units 36 of the DSN memory 22 via the DSN interface 32and the network 24. The DSN interface 32 formats each of the slices fortransmission via the network 24. For example, the DSN interface 32 mayutilize an internet protocol (e.g., TCP/IP, etc.) to packetize the ECslices 42-48 for transmission via the network 24.

The number of DS units 36 receiving the EC slices 42-48 is dependent onthe distributed data storage parameters established by the DS managingunit 18. For example, the DS managing unit 18 may indicate that eachslice is to be stored in a different DS unit 36. As another example, theDS managing unit 18 may indicate that like slice numbers of differentdata segments are to be stored in the same DS unit 36. For example, thefirst slice of each of the data segments is to be stored in a first DSunit 36, the second slice of each of the data segments is to be storedin a second DS unit 36, etc. In this manner, the data is encoded anddistributedly stored at physically diverse locations to improve datastorage integrity and security.

Each DS unit 36 that receives an EC slice 42-48 for storage translatesthe virtual DSN memory address of the slice into a local physicaladdress for storage. Accordingly, each DS unit 36 maintains a virtual tophysical memory mapping to assist in the storage and retrieval of data.

The first type of user device 12 performs a similar function to storedata in the DSN memory 22 with the exception that it includes the DSprocessing. As such, the device 12 encodes and slices the data fileand/or data block it has to store. The device then transmits the slices11 to the DSN memory via its DSN interface 32 and the network 24.

For a second type of user device 14 to retrieve a data file or datablock from memory, it issues a read command via its interface 30 to theDS processing unit 16. The DS processing unit 16 performs the DSprocessing 34 to identify the DS units 36 storing the slices of the datafile and/or data block based on the read command. The DS processing unit16 may also communicate with the DS managing unit 18 to verify that theuser device 14 is authorized to access the requested data.

Assuming that the user device is authorized to access the requesteddata, the DS processing unit 16 issues slice read commands to at least athreshold number of the DS units 36 storing the requested data (e.g., toat least 10 DS units for a 16/10 error coding scheme). Each of the DSunits 36 receiving the slice read command, verifies the command,accesses its virtual to physical memory mapping, retrieves the requestedslice, or slices, and transmits it to the DS processing unit 16.

Once the DS processing unit 16 has received a read threshold number ofslices for a data segment, it performs an error decoding function andde-slicing to reconstruct the data segment. When Y number of datasegments has been reconstructed, the DS processing unit 16 provides thedata file 38 and/or data block 40 to the user device 14. Note that thefirst type of user device 12 performs a similar process to retrieve adata file and/or data block.

The storage integrity processing unit 20 performs the third primaryfunction of data storage integrity verification. In general, the storageintegrity processing unit 20 periodically retrieves slices 45, and/orslice names, of a data file or data block of a user device to verifythat one or more slices have not been corrupted or lost (e.g., the DSunit failed). The retrieval process mimics the read process previouslydescribed.

If the storage integrity processing unit 20 determines that one or moreslices is corrupted or lost, it rebuilds the corrupted or lost slice(s)in accordance with the error coding scheme. The storage integrityprocessing unit 20 stores the rebuild slice, or slices, in theappropriate DS unit(s) 36 in a manner that mimics the write processpreviously described.

FIG. 2 is a schematic block diagram of an embodiment of a computing core26 that includes a processing module 50, a memory controller 52, mainmemory 54, a video graphics processing unit 55, an input/output (IO)controller 56, a peripheral component interconnect (PCI) interface 58,an IO interface 60, at least one IO device interface module 62, a readonly memory (ROM) basic input output system (BIOS) 64, and one or morememory interface modules. The memory interface module(s) includes one ormore of a universal serial bus (USB) interface module 66, a host busadapter (HBA) interface module 68, a network interface module 70, aflash interface module 72, a hard drive interface module 74, and a DSNinterface module 76. Note the DSN interface module 76 and/or the networkinterface module 70 may function as the interface 30 of the user device14 of FIG. 1. Further note that the IO device interface module 62 and/orthe memory interface modules may be collectively or individuallyreferred to as IO ports.

FIG. 3 is a schematic block diagram of an embodiment of a dispersedstorage (DS) processing module 34 of user device 12 and/or of the DSprocessing unit 16. The DS processing module 34 includes a gatewaymodule 78, an access module 80, a grid module 82, and a storage module84. The DS processing module 34 may also include an interface 30 and theDSnet interface 32 or the interfaces 68 and/or 70 may be part of userdevice 12 or of the DS processing unit 16. The DS processing module 34may further include a bypass/feedback path between the storage module 84to the gateway module 78. Note that the modules 78-84 of the DSprocessing module 34 may be in a single unit or distributed acrossmultiple units.

In an example of storing data, the gateway module 78 receives anincoming data object that includes a user ID field 86, an object namefield 88, and the data object field 40 and may also receivecorresponding information that includes a process identifier (e.g., aninternal process/application ID), metadata, a file system directory, ablock number, a transaction message, a user device identity (ID), a dataobject identifier, a source name, and/or user information. The gatewaymodule 78 authenticates the user associated with the data object byverifying the user ID 86 with the DS managing unit 18 and/or anotherauthenticating unit.

When the user is authenticated, the gateway module 78 obtains userinformation from the management unit 18, the user device, and/or theother authenticating unit. The user information includes a vaultidentifier, operational parameters, and user attributes (e.g., userdata, billing information, etc.). A vault identifier identifies a vault,which is a virtual memory space that maps to a set of DS storage units36. For example, vault 1 (i.e., user 1's DSN memory space) includeseight DS storage units (X=8 wide) and vault 2 (i.e., user 2's DSN memoryspace) includes sixteen DS storage units (X=16 wide). The operationalparameters may include an error coding algorithm, the width n (number ofpillars X or slices per segment for this vault), a read threshold T, awrite threshold, an encryption algorithm, a slicing parameter, acompression algorithm, an integrity check method, caching settings,parallelism settings, and/or other parameters that may be used to accessthe DSN memory layer.

The gateway module 78 uses the user information to assign a source name35 to the data. For instance, the gateway module 78 determines thesource name 35 of the data object 40 based on the vault identifier andthe data object. For example, the source name may contain a fileidentifier (ID), a vault generation number, a reserved field, and avault identifier (ID). As another example, the gateway module 78 maygenerate the file ID based on a hash function of the data object 40.Note that the gateway module 78 may also perform message conversion,protocol conversion, electrical conversion, optical conversion, accesscontrol, user identification, user information retrieval, trafficmonitoring, statistics generation, configuration, management, and/orsource name determination.

The access module 80 receives the data object 40 and creates a series ofdata segments 1 through Y 90-92 in accordance with a data storageprotocol (e.g., file storage system, a block storage system, and/or anaggregated block storage system). The number of segments Y may be chosenor randomly assigned based on a selected segment size and the size ofthe data object. For example, if the number of segments is chosen to bea fixed number, then the size of the segments varies as a function ofthe size of the data object. For instance, if the data object is animage file of 4,194,304 eight bit bytes (e.g., 33,554,432 bits) and thenumber of segments Y=131,072, then each segment is 256 bits or 32 bytes.As another example, if segment size is fixed, then the number ofsegments Y varies based on the size of data object. For instance, if thedata object is an image file of 4,194,304 bytes and the fixed size ofeach segment is 4,096 bytes, then the number of segments Y=1,024. Notethat each segment is associated with the same source name.

The grid module 82 receives the data segments and may manipulate (e.g.,compression, encryption, cyclic redundancy check (CRC), etc.) each ofthe data segments before performing an error coding function of theerror coding dispersal storage function to produce a pre-manipulateddata segment. After manipulating a data segment, if applicable, the gridmodule 82 error encodes (e.g., Reed-Solomon, Convolution encoding,Trellis encoding, etc.) the data segment or manipulated data segmentinto X error coded data slices 42-44.

The value X, or the number of pillars (e.g., X=16), is chosen as aparameter of the error coding dispersal storage function. Otherparameters of the error coding dispersal function include a readthreshold T, a write threshold W, etc. The read threshold (e.g., T=10,when X=16) corresponds to the minimum number of error-free error codeddata slices required to reconstruct the data segment. In other words,the DS processing module 34 can compensate for X-T (e.g., 16−10=6)missing error coded data slices per data segment. The write threshold Wcorresponds to a minimum number of DS storage units that acknowledgeproper storage of their respective data slices before the DS processingmodule indicates proper storage of the encoded data segment. Note thatthe write threshold is greater than or equal to the read threshold for agiven number of pillars (X).

For each data slice of a data segment, the grid module 82 generates aunique slice name 37 and attaches it thereto. The slice name 37 includesa universal routing information field and a vault specific field and maybe 48 bytes (e.g., 24 bytes for each of the universal routinginformation field and the vault specific field). As illustrated, theuniversal routing information field includes a slice index, a vault ID,a vault generation, and a reserved field. The slice index is based onthe pillar number and the vault ID and, as such, is unique for eachpillar (e.g., slices of the same pillar for the same vault for anysegment will share the same slice index). The vault specific fieldincludes a data name, which includes a file ID and a segment number(e.g., a sequential numbering of data segments 1-Y of a simple dataobject or a data block number).

Prior to outputting the error coded data slices of a data segment, thegrid module may perform post-slice manipulation on the slices. Ifenabled, the manipulation includes slice level compression, encryption,CRC, addressing, tagging, and/or other manipulation to improve theeffectiveness of the computing system.

When the error coded data slices of a data segment are ready to beoutputted, the grid module 82 determines which of the DS storage units36 will store the EC data slices based on a dispersed storage memorymapping associated with the user's vault and/or DS storage unitattributes. The DS storage unit attributes may include availability,self-selection, performance history, link speed, link latency,ownership, available DSN memory, domain, cost, a prioritization scheme,a centralized selection message from another source, a lookup table,data ownership, and/or any other factor to optimize the operation of thecomputing system. Note that the number of DS storage units 36 is equalto or greater than the number of pillars (e.g., X) so that no more thanone error coded data slice of the same data segment is stored on thesame DS storage unit 36. Further note that EC data slices of the samepillar number but of different segments (e.g., EC data slice 1 of datasegment 1 and EC data slice 1 of data segment 2) may be stored on thesame or different DS storage units 36.

The storage module 84 performs an integrity check on the outboundencoded data slices and, when successful, identifies a plurality of DSstorage units based on information provided by the grid module 82. Thestorage module 84 then outputs the encoded data slices 1 through X ofeach segment 1 through Y to the DS storage units 36. Each of the DSstorage units 36 stores its EC data slice(s) and maintains a localvirtual DSN address to physical location table to convert the virtualDSN address of the EC data slice(s) into physical storage addresses.

In an example of a read operation, the user device 12 and/or 14 sends aread request to the DS processing unit 14, which authenticates therequest. When the request is authentic, the DS processing unit 14 sendsa read message to each of the DS storage units 36 storing slices of thedata object being read. The slices are received via the DSnet interface32 and processed by the storage module 84, which performs a parity checkand provides the slices to the grid module 82 when the parity check wassuccessful. The grid module 82 decodes the slices in accordance with theerror coding dispersal storage function to reconstruct the data segment.The access module 80 reconstructs the data object from the data segmentsand the gateway module 78 formats the data object for transmission tothe user device.

FIG. 4 is a schematic block diagram of an embodiment of a grid module 82that includes a control unit 73, a pre-slice manipulator 75, an encoder77, a slicer 79, a post-slice manipulator 81, a pre-slice de-manipulator83, a decoder 85, a de-slicer 87, and/or a post-slice de-manipulator 89.Note that the control unit 73 may be partially or completely external tothe grid module 82. For example, the control unit 73 may be part of thecomputing core at a remote location, part of a user device, part of theDS managing unit 18, or distributed amongst one or more DS storageunits.

In an example of a write operation, the pre-slice manipulator 75receives a data segment 90-92 and a write instruction from an authorizeduser device. The pre-slice manipulator 75 determines if pre-manipulationof the data segment 90-92 is required and, if so, what type. Thepre-slice manipulator 75 may make the determination independently orbased on instructions from the control unit 73, where the determinationis based on a computing system-wide predetermination, a table lookup,vault parameters associated with the user identification, the type ofdata, security requirements, available DSN memory, performancerequirements, and/or other metadata.

Once a positive determination is made, the pre-slice manipulator 75manipulates the data segment 90-92 in accordance with the type ofmanipulation. For example, the type of manipulation may be compression(e.g., Lempel-Ziv-Welch, Huffman, Golomb, fractal, wavelet, etc.),signatures (e.g., Digital Signature Algorithm (DSA), Elliptic Curve DSA,Secure Hash Algorithm, etc.), watermarking, tagging, encryption (e.g.,Data Encryption Standard, Advanced Encryption Standard, etc.), addingmetadata (e.g., time/date stamping, user information, file type, etc.),cyclic redundancy check (e.g., CRC32), and/or other data manipulationsto produce the pre-manipulated data segment.

The encoder 77 encodes the pre-manipulated data segment 92 using aforward error correction (FEC) encoder (and/or other type of erasurecoding and/or error coding) to produce an encoded data segment 94. Theencoder 77 determines which forward error correction algorithm to usebased on a predetermination associated with the user's vault, a timebased algorithm, user direction, DS managing unit direction, controlunit direction, as a function of the data type, as a function of thedata segment 92 metadata, and/or any other factor to determine algorithmtype. The forward error correction algorithm may be Golay,Multidimensional parity, Reed-Solomon, Hamming, Bose Ray ChauduriHocquenghem (BCH), Cauchy-Reed-Solomon, or any other FEC encoder. Notethat the encoder 77 may use a different encoding algorithm for each datasegment 92, the same encoding algorithm for the data segments 92 of adata object, or a combination thereof.

The encoded data segment 94 is of greater size than the data segment 92by the overhead rate of the encoding algorithm by a factor of X/T, whereX is the width or number of slices, and T is the read threshold. In thisregard, the corresponding decoding process can accommodate at most X-Tmissing EC data slices and still recreate the data segment 92. Forexample, if X=16 and T=10, then the data segment 92 will be recoverableas long as 10 or more EC data slices per segment are not corrupted.

The slicer 79 transforms the encoded data segment 94 into EC data slicesin accordance with the slicing parameter from the vault for this userand/or data segment 92. For example, if the slicing parameter is X=16,then the slicer 79 slices each encoded data segment 94 into 16 encodedslices.

The post-slice manipulator 81 performs, if enabled, post-manipulation onthe encoded slices to produce the EC data slices. If enabled, thepost-slice manipulator 81 determines the type of post-manipulation,which may be based on a computing system-wide predetermination,parameters in the vault for this user, a table lookup, the useridentification, the type of data, security requirements, available DSNmemory, performance requirements, control unit directed, and/or othermetadata. Note that the type of post-slice manipulation may includeslice level compression, signatures, encryption, CRC, addressing,watermarking, tagging, adding metadata, and/or other manipulation toimprove the effectiveness of the computing system.

In an example of a read operation, the post-slice de-manipulator 89receives at least a read threshold number of EC data slices and performsthe inverse function of the post-slice manipulator 81 to produce aplurality of encoded slices. The de-slicer 87 de-slices the encodedslices to produce an encoded data segment 94. The decoder 85 performsthe inverse function of the encoder 77 to recapture the data segment90-92. The pre-slice de-manipulator 83 performs the inverse function ofthe pre-slice manipulator 75 to recapture the data segment 90-92.

FIG. 5 is a diagram of an example of slicing an encoded data segment 94by the slicer 79. In this example, the encoded data segment 94 includesthirty-two bits, but may include more or less bits. The slicer 79disperses the bits of the encoded data segment 94 across the EC dataslices in a pattern as shown. As such, each EC data slice does notinclude consecutive bits of the data segment 94 reducing the impact ofconsecutive bit failures on data recovery. For example, if EC data slice2 (which includes bits 1, 5, 9, 13, 17, 25, and 29) is unavailable(e.g., lost, inaccessible, or corrupted), the data segment can bereconstructed from the other EC data slices (e.g., 1, 3 and 4 for a readthreshold of 3 and a width of 4).

FIG. 6A is a schematic block diagram of an embodiment of an accessinformation storage and retrieval system that includes a dispersedstorage (DS) managing unit 18 (e.g., a managing unit), a certificateauthority (CA) 102, a user device 14, an authentication token 104, a setof authenticating units 106, and a dispersed storage network memory 22.The certificate authority 102 may be implemented as part of the DSmanaging unit 18. The set of authenticating units 106 includes a setnumber of authenticating units 108. An authenticating unit 108 may beimplemented as a DS unit. The set of authenticating units 106 may beimplemented as part of the DSN memory 22 when an authenticating unit 108is implemented as a DS unit.

The system functions to store access information in the authenticationtoken 104 and the set of authenticating units 106 for subsequentretrieval and processing by the authentication token 104 to enable userdevice 14 to access the DSN memory 22. With regards to retrieval of theaccess information to enable access to DSN number 22, the user device 14generates a certificate signing request (CSR) 110 and sends the CSR 110to the authentication token 104 when the user device 14 desires to gainaccess to the DSN memory 22. Next, the authentication token 104 sendsauthentication information requests 112 (e.g., blinded passwords) to theset of authentication units 106 and receives authentication information114 (e.g., passkeys, retrieved random numbers) in response. For example,the authentication token 104 generates a set of random numbers, obtainsuser information 116 (e.g., a password), generates a set of blindedpasswords based on the set of random numbers and the user information114, and outputs the set of blinded passwords to the set ofauthenticating units 106.

The authentication token 104 retrieves encrypted shares 126 from amemory of the authentication token 104. The authentication token 104decrypts the encrypted shares 126 based on the authenticationinformation 114 and the user information 116 to produce encoded shares.For example, the authentication token 104 generates a set of encryptionkeys based on a set of passkeys of the authentication information 114and the set of random numbers. The authentication token 104 generates auser signed certificate 118 based on the CSR 110 and the encoded shares.For example, the authentication token 104 decodes the encoded shares toproduce a private key affiliated with the user device and generates acertification signature for a certificate of CSR 110 to produce the usersigned certificate 118. The user device 14 generates a CSR with the usersigned certificate 118 to produce a CA CSR 120. The user device 14 sendsthe CA CSR 120 to the certificate authority 102 and receives a CA signedcertificate 122 in response. The user device 14 generates an accessrequest 124 and sends the access request 124 and the CA signedcertificate 122 to DSN memory 22 to gain access to the DSN memory 22.The method of operation of the authentication token 104 to retrieve andutilize the access information is discussed in greater detail withreference to FIGS. 8 and 9.

With regards to storage of the access information, the DS managing unit18 generates the encrypted shares 126 based on the user information 116.For example, the DS managing unit 18 generates and encodes the privatekey affiliated with user device 14, applies a share encoding function onthe private key to produce a set of encoded shares, generates a set ofrandom numbers, generates a set of hidden passwords based on the userinformation 116, generates a set of encryption keys based on the set ofhidden passwords and the set of random numbers, and encrypts the set ofencoded shares utilizing a set of encryption keys to produce a set ofencrypted shares 126. The DS managing unit 18 outputs the encryptedshares 126 to the authentication token 104 for storage therein. The DSmanaging unit 18 outputs the set of random numbers as authenticationinformation 114 to the set of authenticating units 106 for storagetherein. The method of operation of the DS managing unit 18 to generateand store the access information is discussed in greater detail withreference to FIGS. 6B, 7A, and 7B.

FIG. 6B is a schematic block diagram of an embodiment of an accessinformation storage system that includes a dispersed storage (DS)managing unit 18, an authentication token 104, and a set ofauthenticating units 106. The set of authenticating units 106 includesauthenticating units 1-N 106 where N is just a set number. Theauthentication token 104 includes a memory 138. Each authenticating unitincludes a memory of a set of memories 1-N. At least one authenticatingunit 108 of the set of authenticating units 106 may be implementedutilizing at least one of a DS processing unit, a DS unit, and adispersed storage network (DSN) memory.

The DS managing unit 18 includes an access information package 130, ashare encoder 132, a set of random number generators (RNG) 1-N, a set ofkey generators 1-N, an authentication input processor 136, a userinterface input 134, and a set of encryptors 1-N. The access informationpackage 130 includes access information 140 and an access informationhash digest 142. The access information hash digest 142 may be generatedby utilizing a deterministic function (e.g., a hashing function) on theaccess information 140. The access information hash digest 142 may beutilized in a subsequent integrity verification step to verify that theaccess information 140 has not been tampered with.

The access information 140 may include one or more of a private key of apublic/private key pairing associated with a user device, a user deviceidentifier (ID), a communications path identifier, a wireless channelidentifier, a communications system talkgroup identifier, an encryptionkey, a public key, a public/private key pair, a credential, a signature,a signed certificate, a certificate chain, access permissions,authentication information, and access privileges. The accessinformation 140 may be utilized by a user device to gain access to asystem (e.g., a dispersed storage network (DSN), an information system,a data storage system, a communication system, a control system, etc.).Gaining access may include one or more of establishing a connection,authenticating (e.g., utilizing a certificate authority signedcertificate and/or a user device signed certificate), obtaining registryinformation, receiving content from the system, sending content to thesystem, deleting content from the system, receiving a communication, andsending a communication. For example, a first wireless user deviceutilizes a signed certificate generated utilizing a private key of theaccess information 140 to gain access to DSN via a wirelesscommunication network.

The share encoder 132 encodes the access information package 130 inaccordance with a share encoding function to produce a set of encodedshares 1-N. The share encoding function includes at least one of adispersed storage error encoding function and a secret sharing function(e.g., a Shamir secret sharing algorithm). The set of encryptors 1-Nencrypt the set of encoded shares 1-N in accordance with an encryptionalgorithm utilizing a set of keys 1-N to produce a set of encryptedshares 1-N. The encryption algorithm may be in accordance with dispersedstorage error coding parameters. For example, each encryptor of the setof encryptors 1-N utilizes a common encryption algorithm in accordancewith the dispersed storage error coding parameters. As another example,at least two encryptors of the set of encryptors 1-N utilize differentencryption algorithms in accordance with the dispersed storage errorcoding parameters.

The set of encryptors 1-N output the set of encrypted shares 1-N tomemory 138 for storage therein. Alternatively, the set of encryptors 1-Noutput the set of encrypted shares 1-N to at least one DS processingunit, wherein the DS processing unit dispersed storage error encodeseach encrypted share of the set of encrypted shares 1-N to produce atleast one plurality of sets of encrypted share slices and stores the atleast one plurality of sets of encrypted share slices in a DSN memory.Alternatively, the set of encryptors 1-N output the set of encryptedshares 1-N to at least one DSN memory for storage therein (e.g., withoutproducing the at least one plurality of sets of encrypted share slices).

The user interface input 134 directly receives user information 116(e.g., from a user via a keypad) to produce authentication information144 or indirectly receives the authentication information 144 from auser device (e.g., via retrieving and/or receiving). The authenticationinformation 144 includes one or more of a text string, at least one of auser device identifier (ID), a user ID, a personal information number(PIN), a badge ID, a district ID, a work-shift ID, an assignment ID, amission ID, a passcode, a password, a picture file, a video file, anaudio file, a retinal scan, a facial scan, a fingerprint scan, apersonal secret, a password index number, and any other values that canbe subsequently provided by a user of a user device. For example, theuser interface input 134 directly receives a password and a PIN from akeyboard input as the authentication information 144. As anotherexample, the user interface input 134 indirectly receives the passwordand the PIN as the authentication information 144 by receiving thepassword and the PIN from a user registration server, wherein thepassword and the PIN were subsequently generated when an associated userwas added to a registration database within the registration server.

The user interface input 134 outputs the authentication information 144to the authentication input processor 136. The authentication inputprocessor 136 generates a plurality of hidden passwords p1-pN based onthe authentication information 144. The generating of the plurality ofhidden passwords p1-pN includes transforming the authenticationinformation 144 in accordance with a set of transformation functions toproduce a set of transformed personalized authenticating values and foreach password of the corresponding plurality of hidden passwords,combining, in accordance with a combining function, one of the set oftransformed personalized authenticating values with at least one of aconstant and another one of the set of transformed personalizedauthenticating values to produce the password. In an instance, eachhidden password is unique from all the other hidden passwords. Inanother instance, each hidden password is substantially the same as allthe other hidden passwords.

For example, the authentication input processor 136 receivesauthentication information 144 from a fingerprint reader user interfaceinput 134 and calculates a hash to produce a first intermediate result.Next, the authentication input processor 136 receives authenticationinformation as a PIN from a keypad and adds the PIN to the firstintermediate result to produce a hidden password core. Theauthentication input processor 136 partitions the hidden password coreto produce the hidden passwords p1-pN. Alternatively, the authenticationinput processor 136 replicates the hidden password core to produce thehidden passwords p1-pN.

The set of random number generators 1-N generate a set of random numberse₁-e_(N). For example, each random number of the set of random numberse₁-e_(N) are a same number of bits as a number of bits of p, where p isdetermined by security parameters (e.g., of dispersed storage errorcoding parameters). The set of random number generators 1-N output theset of random numbers e₁-e_(N) to the set of authenticating units 106for storage therein. Alternatively, a DS processing module or DSprocessing unit associated with each authenticating unit 108 or with theDS managing unit 18 dispersed storage error encodes each random numberof the set of random numbers e₁-e_(N) in accordance with the dispersedstorage error coding parameters to produce N pluralities of sets ofencoded random number slices. Next, the DS processing module sends thecorresponding plurality of encoded random number slices to a DSN memoryfor storage therein.

The set of key generators 1-N generates a set of keys 1-N based on oneor more of the set of random numbers e₁-e_(N), security parameters, andthe set of hidden passwords p1-pN. Each key of the set of keys 1-Nincludes a same number of bits as a number of bits of p. For example,the set of key generators 1-N generate the set of keys 1-N bytransforming an expansion of the set of hidden password p1-pN utilizinga mask generating function (MGF) and the set of random numbers e₁-e_(N)in accordance with the expression: key x=((MGF(px))²)^(e) _(x) modulo p.For example, key 1=((MGF(p1))²)^(e) ₁ modulo p. In an instance, keygenerator 1 calculates key 1=13 when MGF(p1)=4, e₁=10, and p=23, since(4²)¹⁰ mod 23=13. Alternatively, or in addition to, one of the keygenerators may process the key to provide a key of a desired length inrelation to an encryption algorithm. For example, the key output of thealgorithm is hashed to produce a hashed key and a desired number of bits(e.g., 256, 192, 128 bits) of the hashed key are utilized as a key forthe encryption algorithm.

The user information 116 (e.g., same password), a decode thresholdnumber of pairs of random numbers e_(x) and encrypted shares x arerequired to subsequently reproduce the access information package 130.The method to reproduce the access information package 130 is discussedin greater detail with reference to FIGS. 8 and 9. Note that a securityimprovement is provided by the system when the pairs of random numberse_(x) and encrypted shares x are stored at substantially differentstorage locations (e.g., in the authentication token 104 and in the setof authenticating units 106) by reducing the likelihood of a successfulattack to gain access to the pairs of random numbers e_(x) and encryptedshares x.

FIG. 7A is a schematic block diagram of another embodiment of an accessinformation storage system that includes a user device 14, andauthentication token 104, a set of authenticating units 106, and acomputing device 150. The set of authenticating units 106 includes a setnumber of authenticating units 108. The authentication token 104includes a memory 138 and a processing module 164 (e.g., a dispersedstorage (DS) processing). The computing device 150 may be implemented asat least one of a DS managing unit, a managing unit, a certificateauthority, a key generation unit, and a server. The computing device 150includes a DS module 152. The DS module 152 includes an encode module154, a random number module 156, a password module 158, an encryptmodule 160, and an output module 162. The system functions to storeaccess information in the authentication token 104 and the set ofauthenticating units 106 for subsequent retrieval and processing by theauthentication token 104 to enable user device 14 to access a dispersedstorage network (DSN).

With regards to storage of the authentication information, the encodemodule 154 affiliates the authentication token 104 with user information116 of a user. For example, the encode module 154 associates a hardwareidentifier (ID) of the authentication token 104 to a user ID of the userof user device 14 and stores association information in one or more ofmemory 138, a DSN memory, and a local record. Next, the encode module154 generates a private/public key pairing associated with the userinformation 116. For example, the encode module 154 generates theprivate/public key pairing in accordance with a public keyinfrastructure approach. Next, the encode module 154 applies a shareencoding function on a private key of the private/public key pairing toproduce a set of encoded shares 166. The share encoding functionincludes at least one of a dispersed storage error encoding function anda secret sharing function. The random number module 156 generates a setof random numbers 168. The random number module 156 generates the set ofrandom numbers 168 by obtaining a set of base random numbers andexpanding each base random number of the set of base random numbers 168based on security parameters to produce the set of random numbers 168.

The password module 158 generates a set of hidden passwords 170 based onthe user information 116. The password module 158 generates the set ofhidden passwords 170 by transforming a set of personalizedauthenticating values of the user information 116 in accordance with aset of transformation functions to produce a set of transformedpersonalized authenticating values. The set of personalizedauthenticating values includes at least one of a password, a user deviceidentifier (ID), a user ID, a personal information number (PIN), a badgeID, a district ID, a work-shift ID, an assignment ID, a mission ID, apasscode, a picture file, a video file, an audio file, a retinal scan, afacial scan, a fingerprint scan, a personal secret, and a password indexnumber. The transformation function includes at least one of a nullfunction, a concatenation function, an inverting function, a hashingfunction, an encryption function, a compressing function, and a maskgenerating function. Next, for each hidden password of the set of hiddenpasswords 170, the password module 158 combines, in accordance with acombining function, one of the set of transformed personalizedauthenticating values with at least one of a constant and another one ofthe set of transformed personalized authenticating values to produce thehidden password. The combining function includes at least one of anaddition function, a subtraction function, a multiplication function, adivision function, a logical exclusive OR function, a logical ORfunction, and a logical AND function.

The encrypt module 160 generates a set of encryption keys based on theset of hidden passwords 170 and the set of random numbers 168. Theencrypt module 160 further functions to encrypt the set of encodedshares 166 utilizing the set of encryption keys to produce a set ofencrypted shares 172. For each encoded share of the set of encodedshares 166, the encrypt module 160 functions to generate an encryptionkey based on a corresponding one of the set of hidden passwords 170 anda corresponding one of the set of random numbers 168. The generating theencryption key includes transforming the corresponding one of the set ofhidden passwords utilizing a mask generating function (MGF), securityparameters, and the corresponding one of the set of random numbers. Forexample, the encrypt module 160 generates the encryption key bytransforming an expansion of a corresponding hidden password pxutilizing the mask generating function and a corresponding randomnumbers e_(x) in accordance with the expression: encryption keyx=((MGF(px))²)^(e) _(x) modulo p, where p is determined by securityparameters (e.g., of dispersed storage error coding parameters). Forexample, key 1=((MGF(p1))²)^(e) ₁ modulo p. In an instance, keygenerator 1 calculates key 1=13 when MGF(p1)=4, e₁=10, and p=23, since(4²)¹⁰ mod 23=13. Next, the encrypt module 160 encrypts the encodedshare utilizing the encryption key to produce an encrypted share. Theoutput module 162 outputs the set of encrypted shares 172 to theauthentication token 104 for storage in memory 138 and outputs the setof random numbers 168 to the set of authenticating units 106 for storagetherein.

With regards to retrieval of the authentication information, the userdevice 14 generates a certificate signing request (CSR) 110 regarding auser. The CSR 110 includes user information 116 regarding the user. Theprocessing module 164 receives the CSR 110 from the user device 14 andgenerates the set of hidden passwords 170 based on the user information116. The processing module 164 accesses the set of authenticating units106 to obtain a set of passkeys 174 based on the set of hidden passwords170 and another set of random numbers. The accessing includes generatingthe other set of random numbers, generating a set of blinded passwords176 based on the set of hidden passwords 170 and the other set of randomnumbers, and outputting the set of blinded passwords 176 to the set ofauthenticating units 106.

The accessing further includes one of receiving the set of passkeys 174from the set of authenticating 106 and generating the set of passkeys174 based on a set of recovered random numbers 178 received from the setof authenticating units 106. For example, the set of authenticatingunits 106 retrieves the set of recovered random numbers 178 frommemories of the set of authenticating units 106, generates the set ofpasskeys 174 based on the recovered random numbers 178 and the set ofblinded passwords 176, and outputs the set of passkeys 174 to theprocessing module 164 when receiving the set of passkeys 174. As anotherexample, the set of authenticating units 106 retrieves the set ofrecovered random numbers 178 from the memories of the set ofauthenticating units 106 based on the set of blinded passwords 176,outputs the recovered random numbers 178 to the processing module 164,where the processing module 164 generates the set of passkeys 174 basedon the recovered random numbers with 178 and the set of blindedpasswords 176 when generating the set of passkeys 174.

The processing module 164 retrieves a set of encrypted shares 172 frommemory 138 based on the user information (e.g., from a portion of memory138 associated with the user ID). The processing module 164 decrypts theset of encrypted shares 172 based on the set of passkeys 174 and theother set of random numbers to reproduce the set of encoded shares 166.For example, the processing module 164 generates a set of decryptionkeys based on the other set of random numbers and the set of passkeys174 by generating a set of values based on the other set of randomnumbers and generating the set of decryption keys based on the set ofvalues and the set of passkeys. The processing module 164 decodes, inaccordance with the share encoding function, the set of encoded shares166 to recapture the private key of the private/public key pairing(e.g., private key associated with the user).

The processing module 164 generates a user signed certificate 118 basedon the private key. For example, the processing module 164 generates,utilizing the private key, a certification signature with regards to theCSR 110 and generates the user signed certificate 118 to include acertificate of CSR 110 and the certification signature. The processingmodule 164 discards the private key to substantially protect the privatekey from the user device 14. The processing module 164 outputs the usersigned certificate 118 to the user device 14. The processing module 164may discard the private key prior to outputting the user signedcertificate 118, contemporaneously with the outputting of the usersigned certificate 118, or after outputting the user signed certificate118. The user device 14 may utilize the user signed certificate 118 whenaccessing another entity that requires an authentication process. Theother entity includes one or more of a dispersed storage network, acommunication network, a non-dispersed storage network storage network,and computing network.

FIG. 7B is a flowchart illustrating an example of storing accessinformation. The method begins at step 180 where a processing module(e.g., of a dispersed storage (DS) imaging unit) affiliates anauthentication token with user information of a user. The methodcontinues at step 182 where the processing module generates aprivate/public key pairing associated with the user information. Forexample, processing module generates the private/public key pairing toinclude a private key and a public key utilizing a public-keyinfrastructure approach such that the public key is included in the userinformation.

The method continues at step 184 where the processing module applies ashare encoding function on the private key of the private/public keypairing to produce a set of encoded shares. The share encoding functionincludes at least one of a dispersed storage error encoding function anda secret sharing function (e.g., Shamir's secret sharing scheme,Blakley's scheme, Chinese Remainder Theorem scheme). For example, theprocessing module creates shares 1-16 in accordance with shared secretalgorithm parameters when the share encoding function is the secretsharing function and N=16. As another example, the processing moduledispersed storage error encodes the private key in accordance with anerror coding dispersal storage function to produce shares 1-16 asencoded share slices when the share encoding function is the dispersedstorage error encoding function and a pillar width is 16.

The method continues at step 186 where the processing module generates aset of random numbers. The generating the set of random numbers includesobtaining a set of base random numbers and expanding each base randomnumber of the set of base random numbers based on security parameters toproduce the set of random numbers. The generating the set of randomnumbers may further includes determining the security parameters. Thesecurity parameters may include one or more of a share number N, a valueof security algorithm constant p (a prime number), a value of securityalgorithm constant q (a prime number), one or more shared secretalgorithm parameters, an encryption algorithm indicator, a key generatorfunction indicator, a key size, a random number generator function, arandom number size, a hash function type indicator, a security packagestructure indicator, and any other parameter to specify the operation ofthe storing of the access information package data. The determining maybe based on one or more of security requirements, a security statusindicator, a user identifier (ID), a vault ID, a list, a table lookup, apredetermination, a message, and a command. For example, the processingmodule determines the security parameters based on a table lookupcorresponding to a user ID affiliated with a user device of the userinformation.

As an example of generating a random number of the set of randomnumbers, the processing module produces a random number e_(x) such thatthe bit length of the random number e_(x) is substantially the same as abit length of a value of security algorithm constant p and/or a bitlength of a value of security algorithm constant q. For instance, theprocessing module produces a random number e₃ that is 1,024 bits inlength when the security algorithm constant p is 1,024 bits in length.

The method continues at step 188 where the processing module generates aset of hidden passwords based on the user information. The generatingthe set of hidden passwords includes several steps. In a first step, theprocessing module obtains a set of personalized authenticating values.The obtaining may be based on one or more of a direct entry via a userinput module (e.g., a keypad), a user device query, registrationinformation, a lookup, a user device input, a DS managing unit input, aDS managing unit lookup, a message, and a command. For example, theprocessing module obtains a personal information number (PIN) as theauthentication information via a query to an associated user device. Asanother example, the processing module performs a badge ID table lookupto obtain a badge ID as the personalized authenticating value.

In a second step, the processing module transforms the set ofpersonalized authenticating values of the user information in accordancewith a set of transformation functions to produce a set of transformedpersonalized authenticating values. In a third step, for each passwordof the set of hidden passwords, the processing module combines, inaccordance with a combining function, one of the set of transformedpersonalized authenticating values with at least one of a constant andanother one of the set of transformed personalized authenticating valuesto produce the password.

The method continues at step 190 where the processing module generates aset of encryption keys based on the set of hidden passwords and the setof random numbers. For each encoded share of the set of encoded shares,the processing module generates an encryption key based on acorresponding one of the set of hidden passwords and a corresponding oneof the set of random numbers. The generating the encryption key includestransforming the corresponding one of the set of hidden passwordsutilizing a mask generating function, security parameters, and thecorresponding one of the set of random numbers. For example, theprocessing module generates an encryption key x based on hidden passwordpx and corresponding random number e_(x) in accordance with theexpression key x=((MGF(px))²)^(e) _(x) modulo p.

The method continues at step 192 where the processing module encryptsthe set of encoded shares utilizing the set of encryption keys toproduce a set of encrypted shares. For each encoded share of the set ofencoded shares, the processing module encrypts the encoded shareutilizing the encryption key to produce an encrypted share. Theencrypting may further be based on one or more of the securityparameters, dispersed storage error coding parameters, a user identifier(ID), a vault ID, a vault lookup, security requirements, a securitystatus indicator, a message, and a command.

The method continues at step 194 where the processing module outputs theset of encrypted shares to the authentication token for storage therein.The outputting includes at least one of storing the set of encryptedshares and the security parameters in a memory of the authenticationtoken, sending the set of encrypted shares and the security parametersto the authentication token, sending the set of encrypted shares and thesecurity parameters to the DSN memory for storage therein, sending theset of encrypted shares and the security parameters to the set ofauthenticating units for storage therein, sending the set of encryptedshare and the security parameters to a dispersed storage (DS) processingunit, and dispersed storage error encoding the set of encrypted sharesand the security parameters to produce a plurality of encoded shareslices and outputting the plurality of encoded share slices for storage.

The method continues at step 196 where the processing module outputs theset of random numbers to a set of authenticating units. The outputtingincludes identifying a set of storage locations associated with the setof authenticating units. For example, the processing module performs alookup to retrieve internet protocol (IP) addresses of the set ofstorage locations and outputs the set of random numbers to correspondingIP addresses.

FIG. 8 is a schematic block diagram of an embodiment of an accessinformation retrieval system that includes a token device 104, a userdevice 14, and a set of authenticating units 106. The set ofauthenticating units 106 includes a set number of authenticating units108. Each authenticating unit 108 of the set of authenticating units 106includes a memory of a set of memories 1-N and a passkey generator of aset of passkey generators 1-N. At least one authenticating unit 108 ofthe set of authenticating units 106 may be implemented utilizing atleast one dispersed storage (DS) processing unit and a dispersed storagenetwork (DSN) memory. The user device 14 includes a computing core 26.The authentication token 104 includes an access information package 130,a share decoder 200, a credential processor 202, an authentication inputprocessor 136, a user interface input 134, a set of random numbergenerators (RNG) 1-N, a set of blinded password generators 1-N (e.g.,bpass gen 1-N), a set of value generators (e.g., v gen 1-N), a set ofkey regenerators (e.g., key regen 1-N), a set of decryptors 1-N, and amemory 138.

The access information package 130 includes access information 140recovered as described below and an access information hash digest 142.The access information hash digest 142 may be utilized in a subsequentintegrity verification step to verify that the access information 140has not been tampered with. The credential processor 202 provides theuser device 14 with credential information 204 based on the accessinformation 140 such that the user device 14 may subsequently gainaccess to a system (e.g., an information system, a data storage system,a communication system, a control system, etc.). The credentialinformation may include one or more of user information 116 from theuser device 14, a certificate signing request (CSR) from the user device14, a user signed certificate from the credential processor 202. Forexample, the user device 14 generates a CSR and sends a CSR to thecredential processor 202. The credential processor 202 recovers accessinformation 140 and generates the user device signed certificateutilizing a private key of the access information 140.

The credential processor 202 recovers the access information 140 whenthe access information 140 is not readily available. For example, thecredential processor 202 recovers access information 140 in response toeach CSR received from the user device 14. As another example, thecredential processor 202 recovers the access information 140 when a timeof validity indicator associated with the access information 140indicates that the access information 140 is no longer valid. One of thecredential processor 202 and another entity of the authentication token104 may delete the access information 140 from time to time to provideimproved security. Next, the credential processor sends 202 the usersigned certificate to the computing core 26 of the user device 14.Computing core 26 utilizes the user signed certificate to gain access tothe system without any exposure of the private key of the accessinformation 140.

With regards to recovering the access information 140, theauthentication input processor 136 receives authentication information144 from the user interface input 134 (e.g., a password and personalidentification number (PIN) are received from a keypad of theauthentication token 104 and is user information 116). Theauthentication input processor 136 generates a set of hidden passwordsp1-pN based on the authentication information 144. For example, theauthentication input processor 136 obtains a badge identifier (ID) asthe authentication information 144 from a user input and calculates ahash of the badge ID to produce a first intermediate result. Next, theauthentication input processor 136 obtains a talk group ID as secondauthentication information and adds the talk group ID to the firstintermediate result to produce a hidden password core. Theauthentication input processor 136 partitions the hidden password coreto produce the set of hidden passwords p1-pN. Alternatively, theauthentication input processor 136 replicates the hidden password coreto produce the set of hidden passwords p1-pN.

The set of random number generators 1-N generate a set of random numbersb₁-b_(N). For example, each random number generator of the set of randomnumber generators 1-N generates a random number of the set of randomnumbers b₁-b_(N) such that each random number includes a same number ofbits as a number of bits of p, wherein p is extracted from dispersedstorage error coding parameters and/or security parameters retrievedfrom the memory. The set of random number generators 1-N output the setof random numbers b₁-b_(N) to the set of blinded password generators 1-Nand to the set of value generators 1-N.

The set of blinded password generators 1-N generate a set of blindedpasswords (bpass) 1-N based on the security parameters, the set ofrandom numbers b₁-b_(N), and the set of hidden passwords p1-pN. The setof blinded passwords 1-N are generated such that each blinded passwordincludes a same number of bits as a number of bits of security perimeterp. For example, the set of blinded password generators 1-N generate theset of bpass 1-N values by transforming an expansion of each of the setof hidden password p1-pN into the same number of bits as the securityparameter constant p utilizing a mask generating function (MGF) and acorresponding one of the set of random numbers b₁-b_(N) in accordancewith the expression bpass x=((MGF(px))²)^(b) _(x) modulo p. For example,bpass 1=((MGF(p1))²)^(b) ₁ modulo p. In an instance, blinded passwordgenerator 1 generates bpass 1=18 when MGF(p1)=4, b₁=7, and p=23, since(4²)⁷ mod 23=18. The set of blinded password generators 1-N outputs theset of bpass 1-N values to the set of authenticating units 106 via theuser device 14. At least one of the authentication token 104 and theuser device 14 determines a set of addresses associated with the set ofauthenticating units 106 and sends the set of bpass 1-N values to theset of authenticating units 106 utilizing the set of addresses.

The set of value generators 1-N generate a set of values v₁-v_(N) basedon the set of random numbers b₁-b_(N) and the value of a securityparameters constant q in accordance with an expression b*v modulo q=1.The value of q is based on a value of p in accordance with theexpression q=(p−1)/2. For example, q=11 when p=23. For instance, valuegenerator 1 generates a value v1=8 when b₁=7 and q=11 since 7*8=56 and56 modulo 11=1. The set of value generators 1-N output the set of valuesv₁ through v_(N) to the set of key regenerators 1-N.

Each passkey generator of the set of passkey generators 1-N retrieves apreviously stored random number value of a set of random number valuese₁ through e_(N) from a memory of a set of memories 1-N to produce arecovered random number of a set recovered random numbers e₁ throughe_(N) in response to receiving a passkey request from the user devicethat includes a corresponding blinded password (bpass) of the set ofblinded passwords 1-N. The set of passkey generators 1-N generate a setof passkeys 1-N based on the set of recovered random numbers e₁ throughe_(N) and the set of bpass 1-N values in accordance with an expressionpasskey x=(bpass x)^(e) _(x) modulo p. For example, passkey generator 1generates a passkey 1=9 when bpass 1=18, e₁=10, and p=23 since (18)¹⁰modulo 23=9. The set of passkey generators 1-N outputs the set ofpasskeys 1-N to the set of key regenerators 1-N (e.g., via the userdevice 14).

The key regenerators 1-N regenerate a set of keys 1-N based on the setof passkeys 1-N and the set of values v₁ through v_(N) in accordancewith an expression key x=(passkey x)^(v) _(x) modulo p. For example, keyregenerator 1 regenerates key 1 such that key 1=13 when passkey 1=9,v1=8, and p=23 since (9)⁸ modulo 23=13. The set of key regenerators 1-Noutput the set of keys 1-N to the set of decryptors 1-N.

The set of decryptors 1-N retrieves a set of encrypted shares 1-N fromthe memory 138. Alternatively, the set of decryptors 1-N facilitatesretrieving a set of a plurality of sets of encoded encrypted shareslices from the DSN memory and decoding the set of the plurality of setsof encoded encrypted share slices to reproduce the set of encryptedshares 1-N. The decryptors 1-N decrypt the set of encrypted shares 1-Nutilizing the set of keys 1-N in accordance with a decryption algorithmto produce encoded shares 1-N. Alternatively, the decryptors 1-N decryptthe encrypted shares 1-N to produce encoded data slices as the shares1-N. The decryption algorithm may function in accordance withoperational parameters and/or the security parameters of the tokendevice. For example, each of the decryptors 1-N utilizes substantiallythe same decryption algorithm in accordance with the operationalparameters and/or security parameters. Alternatively, at least two ofthe decryptors 1-N utilize a different decryption algorithm inaccordance with the operational parameters and/or the securityparameters. The decryptors 1-N output the set of encoded shares 1-N tothe share decoder 200.

The share decoder 200 decodes at least a decode threshold number ofencoded shares 1-N to recover the access information package 130 (e.g.,including the private key). The decoding may include at least one ofdispersed storage error decoding the encoded shares 1-N and decoding theencoded shares 1-N utilizing a secret sharing function to reproduce theaccess information package 130. For example, the share decoder 200decodes the set of encoded shares utilizing a Shamir secret sharingalgorithm. As another example, the share decoder 200 decodes at leastthe decode threshold number of encoded shares 1-N (e.g., encoded dataslices) in accordance with an error coding dispersal storage function toproduce the access information package 130. The method to retrievesecurely stored access information package 130 is discussed in greaterdetail with reference to FIG. 9.

Next, at least one of the share decoder 200 and the credential processor202 may validate the access information 140 utilizing the accessinformation hash digest 142. For example, the validating includescomparing the access information hash digest 142 to a calculated accessinformation hash digest of the access information 140 and indicatingthat the access information 140 as valid one the comparison is favorable(e.g., substantially the same). The credential processor 202 may nowutilize the private key of the access information 140 to produce thecertification signature in response to receiving the CSR from the userdevice 14.

FIG. 9 is a flowchart illustrating an example of retrieving accessinformation, which includes similar steps to FIG. 7B. The method beginsat step 210 where a processing module (e.g., of an authentication token)receives a certificate signing request (CSR) from a user deviceregarding a user, wherein the CSR includes user information regardingthe user. The method continues with step 188 of FIG. 7B where theprocessing module generates a set of hidden passwords based on the userinformation.

The method continues at step 214 where the processing module accesses aset of authenticating units to obtain a set of passkeys based on the setof hidden passwords and a set of random numbers. The accessing the setof authenticating units includes at least one of two alternative sets ofsteps. In a first step of a first alternative, the processing modulegenerates the set of random numbers. The generating the set of randomnumbers includes obtaining a set of base random numbers and expandingeach base random number of the set of base random numbers based onsecurity parameters to produce the set of random numbers. In a secondstep of the first alternative, the processing module generates a set ofblinded passwords based on the set of hidden passwords and the set ofrandom numbers. The generating the set of blinded passwords includes foreach random number of the set of random numbers, transforming acorresponding hidden password of the set of hidden passwords utilizing amask generating function and the random number to produce a blindedpassword of the set of blinded passwords. In a third step of the firstalternative, the processing module identifies the set of authenticatingunits based on the user information (e.g., a set of Internet protocol(IP) addresses). A fourth step of the first alternative, the processingmodule outputs the set of blinded passwords to set of identifiedauthenticating units (e.g., via a user device). In a fifth step of thefirst alternative, processing module receives the set of passkeys fromthe set of identified authenticating units (e.g., via the user device)in response to receiving the set of blinded passwords.

In a first step of a second alternative of accessing the set ofauthenticating units, the processing module generates the set of randomnumbers. In a second step of the second alternative processing modulegenerates the set of blinded passwords based on the set of hiddenpasswords and the set of random numbers. In a third step of the secondalternative, the processing module identifies the set of authenticatingunits based on the user information. In a fourth step of the secondalternative, the processing module retrieves (e.g., via user device) aset of recovered random numbers from the set of identifiedauthenticating units. The set of recovered random numbers correspond toanother set of random numbers stored in the set of identifiedauthenticating units by a managing unit. In a fifth step of the secondalternative, the processing module generates the set of passkeys basedon the set of blinded passwords and the set of recovered random numbers.The generating of a passkey includes transforming a correspondingblinded password utilizing a modulo function based on a correspondingrecovered random number of the set of recovered random numbers andsecurity parameters to produce the passkey. The generating of the set ofpasskeys may be performed by the set of authenticating units whenreceiving the set of passkeys from the set of identified authenticatingunits.

The method continues at step 216 where the processing module retrieves aset of encrypted shares based on the user information (e.g., from amemory of the authentication token where the memories associated with auser identifier (ID) of the user). The method continues at step 218where the processing module decrypts the set of encrypted shares basedon the set of passkeys and the set of random numbers to produce a set ofencoded shares. The decrypting the set of encrypted shares includesgenerating a set of encryption keys based on the set of passkeys and theset of random numbers. The generating includes generating a set ofvalues based on the set of random numbers and generating the set ofencryption keys based on the set of values and the set of passkeys. Thegenerating the set of values includes transforming the set of randomnumbers utilizing a modulo function based on security parameters toproduce the set of values. The generating the set of encryption keysbased on the set of values and the set of passkeys includes, for eachpasskey of the set of passkeys, transforming the passkey utilizing amodulo function based on security parameters and a corresponding valueof the set of values to produce an encryption key of the set ofencryption keys. The decrypting further includes decrypting the set ofencrypted shares utilizing the set of encryption keys to reproduce theset of encoded shares.

The method continues at step 220 where the processing module decodes, inaccordance with a share encoding function, the set of encoded shares torecapture a private key associated with the user. The decoding the setof encoded shares includes at least one of decoding the set of encodedshares using a secret share function as the share encoding function anddecoding the set of encoded shares using a dispersed storage errorencoding function as the share encoding function.

The method continues at step 222 where the processing module generates auser signed certificate based on the private key. The generating a usersigned certificate includes generating, on behalf of the user, acertification signature based on the private key and generating thesigned certificate based on a certificate of the CSR and thecertification signature such that the user device uses the signedcertificate to obtain a certificate authority signed certificate from acertificate authority to access a dispersed storage network. The methodcontinues at step 224 where the processing module discards the privatekey to substantially protect the private key from the user device. Forexample, the processing module deletes the private key from memory ofthe authentication token. The method continues at step 226 where theprocessing module outputs the user signed certificate to the userdevice.

The methods described above operate in accordance with mathematicalexpressions enabling generation of encryption keys utilized to encryptand decrypt shares of an access information package. The mathematicalexpressions may be further understood in consideration of the followingmathematical proof, wherein the proof illustrates that a recoveredencryption key (e.g., to decrypt an encrypted share) is substantiallyequivalent to an original encryption key (e.g., utilized to encrypt theshare to produce the encrypted share).

Proof—Recall that:b*v=1 mod q and p=2*q+1This proof will illustrate that:(MGF(password)^2)^(b*e*v)equals(MGF(password)^2)^e(modulo p)First, replace MGF(password) with X:(X^2)^(b*e*v)=(X^2)^(e)(modulo p)Note that:Since b*v=1 mod q, it follows that: b*v=n*q+1, for some integer n. Notethat (b*v)/q=n remainder 1.Therefore (b*v) can be substituted with (n*q+1) in the above expressionyielding:(X^2)^((n*q+1)*e)mod pSince p=2*q+1, taking p out of the formula, resulting in:(X^2)^((n*q+1)*e)mod(2*q+1)Since X^2 is raised to a power, simply take X to the power of twice theexponent:X^(2*(nq+1)*e)mod(2q+1)Which may be written as:X^((2nq+2)*e)mod(2q+1)Multiplying both parts by e:X^(2nqe+2e)mod(2q+1)Split these out as so:X^(2neq)*X^(2e)mod(2q+1)Re-write the first power of X:X^(2q*ne)*X^(2e)mod(2q+1)Which can also be written as:(X^(2q))^(ne)*X^(2e)mod(2q+1)Un-doing the substitution of p for 2q+1, find:(X^(p−1))^(ne)*X^(2e)mod pFermat's Little Theorem shows that for any prime number P, and anyinteger X, that:X^(P−1)=1 mod P,therefore (X^(p−1)) mod p=1 mod p. This yields:1^(ne)*X^(2e)mod pWhich is the same as:1*X^(2e)mod pWhich is this which is the same as the key:(X^2)^e mod pAs a numerical example:p=23q=(p−1)/2=11let e1=10let [mask generating function (common password)]^2=16key 1=16^e1 mod 23=13let b1=7bpass 1=16^7 mod 23=18passkey 1=bpass^e1 mod p=18^10 mod 23=9b*v=1 modulo qb1*v1=1 mod q7*v1=1 mod 11 note: 56 mod 11=1 so v1=8regen key 1=passkey1^v1 modulo p9^8 mod 23=13, which checks with the 13 calculated above for key 1,which is the key.

FIG. 10A is a diagram illustrating an example of an audit object 230structure. The audit object 230 includes fields for a plurality of auditrecords 1-R 232, a field for identifier (ID) information 234, and afield for integrity information 236. Each audit record field 232 of theaudit records 1-R 232 includes an audit record entry includinginformation related to transactions within a dispersed storage network(DSN). Audit record content is discussed in greater detail withreference to FIG. 10B. The ID information field 234 includes an IDinformation entry including an originator ID associated with the auditobject (e.g., an ID of an entity that created the audit object). Theintegrity information field 236 includes an integrity information entryincluding one or more of a device ID, a certificate chain, and asignature.

FIG. 10B is a diagram illustrating an example of an audit record 232structure. The audit record 232 includes a timestamp field 238, asequence number field 240, a type code field 242, a user identifier (ID)field 244, and a detailed message field 246. The timestamp field 238includes a timestamp entry including a creation timestamp associatedwith a date and/or a time when the audit record 232 was created. Thesequence number field 240 includes a sequence number entry including aunique monotonically increasing number associated with a transactionwithin a dispersed storage network (DSN). The type code field 242includes a type code entry including record type indicator (e.g., a dataaccess audit event or an authentication audit event). The user ID field244 includes a user ID entry including an identifier of one or moreprincipals (e.g., DSN system entities) associated with the audit recordcausing creation of the audit record. The detailed message field 246,when utilized, includes a detailed message entry including moreinformation associated with the audit record 232 including an operationtype (e.g., such as one of write, read, delete, login), a remote address(e.g., an Internet protocol address), a data object identifier, and atarget vault ID.

FIG. 10C is a flowchart illustrating an example of generating an auditobject. The method begins at step 248 where a processing module (e.g., adispersed storage (DS) processing unit) obtains a new audit record foran audit object. The obtaining includes at least one of generating thenew audit record and receiving the new audit record (e.g., from anydevice of a dispersed storage network (DSN) such as a DS unit). Themethod continues at step 250 where the processing module determineswhether the audit object is complete. The determination may be based oncomparing a number of audit records of the audit object to an auditrecord threshold. For example, the processing module determines that theaudit object is complete when the number of audit records of the auditobject is greater than the audit record threshold. The method loops backto step 248 when the processing module determines that the audit objectis not complete. The method continues to step 252 when the processingmodule determines that the audit object is complete.

The method continues at step 252 where the processing module aggregatesaudit records of the audit object within the audit object by generatingthe audit object to include the audit records. The method continues atstep 254 where the processing module generates identifier (ID)information. The generation includes at least one of utilizing an IDassociated with the processing module (e.g., originator), queryinganother device for the ID information, and receiving the ID information.The method continues at step 256 where the processing module generatesintegrity information. The generation includes one or more of obtaininga certificate, generating a signature of the certificate, andcalculating a hash of the audit object.

The method continues at step 258 where the processing module populatesfields of the audit object with the audit records, the ID information,and the integrity information. The method continues at step 260 wherethe processing module determines a name of the audit object. A format ofthe name may be consistent with a virtual DSN address associated withaccessing the audit object when stored as a plurality of audit objectslices in the DSN and may include a text string name, a sequence number,a timestamp when created, and a timestamp associated with when the auditobject may be deleted to enable a DS unit to autonomously delete astored audit object when it is time to delete the audit object. Themethod continues at step 262 where the processing module facilitatesstoring the audit object and the name of the audit object. Thefacilitation includes at least one of storing the audit object and thename of the audit object and sending the audit object and the name ofthe audit object to the DSN for storage therein.

FIG. 11A is a flowchart illustrating an example of creating a systemaudit trail vault. The audit trail vault may be utilized to store auditobjects in a dispersed storage network (DSN) memory. The method beginsat step 264 where a processing module (e.g., a dispersed storage (DS)managing unit) determines whether to create an audit trail vault. Thedetermination may be based on audit information availability and DSNsystem entity provisioning. For example, the processing moduledetermines to create the audit trail vault when an audit object has beencreated and is ready to be stored in the DSN memory. As another example,the processing module determines to create the audit trail vault when afirst DS unit is provisioned and ready for operation within the DSN. Themethod loops at step 264 when the processing module determines not tocreate the audit trail vault. The method continues to step 266 when theprocessing module determines to create the audit trail vault.

The method continues at step 266 where the processing module determinesvault parameters. The vault parameters includes one or more of allocatedstorage capacity, a pillar width, a decode threshold, a write threshold,a read threshold, a permissions list (e.g., write for all devices, readfor a manager and a security officer), and a deletion policy. Thedetermination may be based on one or more of a number of provisionedentities within the DSN, a number of active user devices, an audit trailvault provisioning policy, a lookup, a predetermination, and a message.

The method continues at step 268 where the processing module creates theaudit trail vault. The creation includes at least one of generating avault identifier (ID), generating a DSN address of the audit trailvault, updating a DSN address to DS unit location table to associate theDSN address of the audit trail vault to a set of DS units that areutilized to store the audit trail vault, and updating a directory toassociate the audit trail vault ID to the DSN address of the audit trailvault. The method continues at step 270 where the processing moduleupdates registry information to produce modified registry information.The update includes one or more of modifying the registry information toinclude the audit trail vault ID, pushing the modified registryinformation to system entities of the DSN, and sending the modifiedregistry information to system entities of the DSN based on receiving aregistry information request.

FIG. 11B is a flowchart illustrating an example of deleting an auditrecord. The method begins with either step 272 or step 274. At step 272,a processing module (e.g., of a dispersed storage (DS) unit) receives adelete audit record request (e.g., from a dispersed storage network(DSN) system entity). At step 274, the processing module identifies anaudit record to delete based on a timestamp. The processing modulemodifies the audit record to delete when a deletion timestamp is greaterthan a current time and/or when a difference between the current timeand a large record creation timestamp is greater than a deletion timethreshold. The processing module may obtain the timestamp based on atleast one of extraction of the timestamp from a name of an associatedaudit object and extraction of the timestamp from the audit record orthe audit object associated with the audit record.

The method continues at step 276 where the processing module determineswhether to delete the audit record. The determination may be based onone or more of comparing a deletion input (e.g., an audit record ID ofthe audit record to delete based on the delete audit record request orthe edification of the audit record to delete based on the timestamp) toa deletion policy, an audit record storage utilization level indicator,an audit record size indicator, and an audit vault utilization frequencylevel. For example, the processing module determines to not delete theaudit record when the deletion policy indicates to not delete auditrecords when the audit record storage utilization level is below a lowutilization threshold. As another example, the processing moduledetermines to delete the audit record when the deletion policy indicatesto delete audit records when the audit record storage utilization levelis above a low utilization threshold when a delete audit record requestis received or when an audit record timestamp indicates to delete theaudit record.

The method branches to step 280 when the processing module determines todelete the audit record. The method continues to step 278 when theprocessing module determines to not delete the audit record. The methodcontinues at step 278 where the processing module indicates an exceptionwhen the processing module determines to not delete the audit record.The processing module indicates the exception by at least one of sendinga message to a DS managing unit and sending a message to a requestingentity (e.g., that sent the delete audit record request).

The method continues at step 280 where the processing module deletes theaudit record when the processing module determines to delete the auditrecord. The deletion includes at least one of removing the audit recordfrom the associated audit object to produce a modified audit object,updating integrity information associated with the modified audit objectto produce modified integrity information, storing the modifiedintegrity information in the modified audit object, and storing themodified audit object in the DSN.

FIG. 12 is a flowchart illustrating an example of generating a storagerequest log record. The method begins with step 282 where a processingmodule (e.g., a dispersed storage (DS) processing unit) receives astorage request. The storage request includes a dispersed storagenetwork (DSN) access request including one of a write request, a readrequest, a delete request, and a login request. The method continues atstep 284 where the processing module extracts a remote address from thestorage request. The remote address is associated with the sendingentity of the storage request. The extracting includes interpreting amedia access control (MAC) address when Ethernet transport is utilizedand extracting an internet protocol address when an internet protocol isutilized.

The method continues at step 286 where the processing module determineswhether any principals are associated with the storage request. Thedetermination may be based on identifying one or more principalidentifiers (IDs) from the storage request. The method branches to step292 when the processing module determines that principals are associatedwith the storage request. The method continues to step 288 when theprocessing module determines that principals are not associated with thestorage request. The method continues at step 288 where the processingmodule facilitates authentication. The facilitation includes at leastone of verifying a user name and/or a password of the storage requestand initiating a transport layer security (TLS) handshake. The methodcontinues at step 290 where the processing module adds the principals toa session record for this request.

The method continues at step 292 where the processing module extracts anoperation type, an object ID, and a vault ID from the storage request.The method continues at step 294 where the processing module generatesan authorization status that indicates an authorized status when anauthorization level of the principals compares favorably to a requiredauthorization level of the storage request. The processing module mayreceive an access control list (ACL) from a DS managing unit and extractauthorization levels associated with the principals from the ACL. Theprocessing module generates the authorization status to indicate anun-authorized status when the authorization level the principalscompares unfavorably to the required authorization level of the storagerequest.

The method continues at step 296 where the processing module generates alog record that includes one or more of the remote address, theprincipals, the object ID, the vault ID, the authorization status, adevice ID, and a timestamp. The method continues at step 298 where theprocessing module facilitates storing the log record. The facilitationincludes at least one of generating an audit record, generating an auditobject, storing the audit record, sending the audit record to a DSprocessing unit to store the audit record in a DSN memory.

FIG. 13 is a flowchart illustrating an example of generating amanagement modification log record, which includes similar steps to FIG.12. The method begins at step 300 where a processing module (e.g., of adispersed storage (DS) managing unit) receives a change request. Thechange request includes at least one of a request to add a user deviceto a list of authorized users of a dispersed storage network (DSN), arequest to change access rights associated with a user device, a requestto create a new vault, and a request to delete an existing vault. Themethod continues at step 302 where the processing module extracts aremote address from the change request. The remote address is associatedwith the sending entity of the change request. The remote address may beextracted from the change request by interpreting a media access control(MAC) address when Ethernet transport is utilized and extracting aninternet protocol address when an internet protocol is utilized.

The method continues at step 304 where the processing module determineswhether any principals are associated with the change request. Thedetermination may be based on identifying one or more principalidentifiers (IDs) from the change request. The method branches to step306 when the processing module determines that principals are associatedwith the change request. The method continues to step 288 of FIG. 12when the processing module determines that principals are not associatedwith the change request. The method continues with steps 288-290 of FIG.12 where the processing module facilitates authentication and adds theprincipals to a session record for this request.

The method continues at step 306 where the processing module extracts anoperation type, a previous management record state, a new managementrecord state, and a vault ID from the change request. The methodcontinues at step 308 where the processing module generates anauthorization status that indicates an authorized status when anauthorization level of the principals compares favorably to a requiredauthorization level of the change request. The processing module mayreceive an access control list (ACL) from a DS managing unit and extractauthorization levels associated with the principals from the ACL. Theprocessing module generates the authorization status to indicate anun-authorized status when the authorization level the principalscompares unfavorably to the required authorization level of the changerequest. The method continues at step 310 where the processing modulegenerates a log record that includes one or more of the remote address,the principals, the vault ID, the authorization status, a device ID, anda timestamp. The method continues at step 298 of FIG. 12 where theprocessing module facilitates storing the log record.

FIG. 14 is a flowchart illustrating an example of transforming an auditrecord. The method begins at step 312 where a processing module (e.g., adispersed storage (DS) managing unit) determines an audit object toanalyze. The determining may be based on one or more of where ananalysis process left off last time, retrieving a next audit objectidentifier (ID), and receiving a message. The method continues at step314 where the processing module retrieves an audit object. Theretrieving includes one or more of performing a lookup to retrieve avault ID corresponding to the audit object, retrieving a plurality ofencoded audit object slices based on the vault ID, and decoding theplurality of encoded audit object slices to produce the audit object.

The method continues at step 316 where the processing module verifiesintegrity of the audit object. The verifying includes comparingintegrity information extracted from the audit object to calculatedintegrity information based on a remaining portion of the audit object.The processing module verifies the integrity of the audit object whenthe comparison is favorable (e.g., substantially the same). The methodcontinues at step 318 where the processing module extracts a set ofaudit records from the audit object. The method continues at step 320where the processing module transforms the set of audit recordsutilizing a transformation function into at least one transformedrecord. The transformation function includes converting the set of auditrecords into the at least one transformed record in accordance with atleast one of a comma separated values (CSV) file format and a structuredquery language (SQL) format.

The method continues at step 322 where the processing module facilitatesstoring the at least one transformed record. The facilitating includesat least one of dispersed storage error encoding the at least onetransformed record to produce a plurality of sets of transformed recordslices and sending the plurality of sets of transformed record slices toa dispersed storage network (DSN) memory for storage therein, andsending the at least one transformed record to a DS processing unit forstoring the at least one transformed record as the plurality of sets oftransformed record slices in the DSN memory.

FIG. 15A is a flow chart illustrating an example of locking access. Themethod begins at step 324 where a processing module (e.g., of anydispersed storage network (DSN) system entity such as a dispersedstorage (DS) unit) detects a failed attempt. The detecting may be basedon one or more of determining that a requesting entity of a DSN accessrequest is not authorized to perform an action associated with theaccess request and determining that an expected challenge response wasnot received from the requesting entity. The method continues at step326 where the processing module generates a new failed attempt entry toupdate a failed attempt table. The failed attempt table includes anaccount number associated with the requesting entity and a list oftimestamp corresponding to previous failed attempts. The new failedattempt entry includes a current timestamp corresponding to the failedattempt.

The method continues at step 328 of the processing module determineswhether to lock the account (e.g., of the requesting entity) associatedwith the failed attempt. The determining may be based on comparing anumber of previous failed attempts of the account to a failed attemptthreshold. For example, the processing module determines to lock theaccount when the number of previous failed attempts is greater than thefailed attempt threshold. The method loops back to step 324 when theprocessing module determines not to lock the account. The methodcontinues to step 330 when the processing module determines to lock theaccount.

The method continues at step 330 where the processing module rejects thefailed attempt on the processing module determines to lock the account.The rejecting includes at least one of sending a rejection message tothe requesting entity and sending the rejection message to a DS managingunit. The method continues at step 332 where the processing module setsthe account status to locked. The setting includes updating an accountstatus table to include a timestamp corresponding to lock in theaccount, wherein the account status table includes one or more accountnumbers and a timestamp corresponding to each of the one more accountnumbers of when the account was locked or unlocked.

FIG. 15B is a flowchart illustrating an example of unlocking access. Themethod begins at step 334 where a processing module (e.g., of anydispersed storage network (DSN) system entity such as a dispersedstorage (DS) unit) receives unlock information (e.g., from a DS managingunit). The unlock information includes an account number and a timestampcorresponding to when the account was unlocked. The method continues atstep 336 where the processing module purges failed attempt entries witha timestamp less than an unlock timestamp of the unlock information foreach matching account in a failed attempt table. As such, going forward,the system entity stores new failed attempt information in the failedattempt table subsequent to receiving the unlock information.

FIG. 16A is a schematic block diagram of an embodiment of anauthentication system that includes a managing unit 340, a certificateauthority (CA) 342, a device 344, a set of authentication units 346, anda dispersed storage network (DSN) 348. The managing unit 340 may beimplemented utilizing at least one of a managing server, the certificateauthority 342, a computing device, and a dispersed storage (DS) managingunit. The certificate authority 342 may be implemented utilizing atleast one of the managing units 340, a managing server, and DS managingunit. For example, the certificate authority 342 is implemented as partof the managing unit 340. The device 344 includes at least one of a userdevice, a DS processing unit, a DS unit, a storage integrity processingunit, a server, and a computing device. The set of authentication units346 includes two or more authentication units 350. An authenticationunit 350 may be implemented utilizing at least one of a user device, aDS processing unit, and a DS unit. DSN 348 includes one or more of auser device, a DS processing unit, a DSN memory, a DS unit, a storageintegrity processing unit, a DS managing unit, the managing unit 340,the certificate authority 342, the device 344, and the set ofauthentication units 346. For example, DSN 348 includes the set ofauthentication units 346 when the two or more authentication units 350are implemented utilizing two or more DS units of the DSN 348.

The system functions to facilitate authenticating of device 344 toenable subsequent provisioning of a signed certificate for the device344 to access the DSN 348. The managing unit 340 functions to generate atemporary public-private key pair for the device 344. For example, themanaging unit 340 utilizes a public key infrastructure (PKI) keygeneration approach to generate the temporary public-private key pairthat includes a temporary private key 356 and a temporary public-key.The managing unit 340 generates, for the device 344, a restricted usecertificate 352 that includes the temporary public key of the temporarypublic-private key pair. The restricted use certificate 352 may alsoinclude one or more of a subject identifier (ID) of the device 344 and arestriction indicator. The restriction indicator indicates one or morerestrictions associated with the restricted use certificate 352. Therestrictions include one or more of use once to change the temporarypublic-private key pair, use once to change the temporary password, canonly access managing unit 340 or the certificate authority 342, and arestricted limited time period of use (e.g., next 24 hours).

The managing unit 340 generates a temporary password 354 for the device344. The generation includes at least one of generating a randomalphanumeric string of a predetermined number of characters, retrievingthe temporary password from a temporary password list, and receiving thetemporary password (e.g., from an add a new user process, from a reset auser password process). The managing unit 340 encodes, in accordancewith a distributed authentication protocol and using the temporarypassword 354, the temporary private key 356 of the temporarypublic-private key pair to produce a set of encoded private key shares.The managing unit 340 encodes, in accordance with the distributedauthentication protocol and using the temporary password 354, therestricted use certificate 352 to produce a set of encoded certificateshares.

The managing unit 340 outputs the set of encoded private key shares asthe temporary private key 356 and outputs the set of encoded certificateshares as the restricted use certificate 352 to the set ofauthentication units 346. Alternatively, or in addition to, the managingunit 340 stores the encoded private key shares and/or the encodedcertificate shares in one or more of a token device memory, a localmemory, a memory of device 344, and DSN memory of the DSN 348. Themanaging unit 340 outputs the temporary password 354 to the device 344such that, when the device 344 retrieves the set of encoded private keyshares as the temporary private key 356 and the set of encodedcertificate shares as the restricted use certificate 352 from the set ofauthentication units 346, the device 344 is able to recapture thetemporary private key 356 and the restricted use certificate 352 toobtain a signed certificate for accessing the DSN 348. The outputting ofthe temporary password 354 includes at least one of electronicallytransferring the temporary password 354 to the device 344, displayingthe temporary password 354 on a user output associated with the managingunit 340, and storing the temporary password 354 in a memory accessibleby the device 344 (e.g., a memory stick).

The device 344 obtains the temporary password 354 associated with thetemporary public-private key pair. The obtaining includes at least oneof facilitating receiving the temporary password 354 from a user inputassociated with the device 344, initiating a query, retrieving from amemory, and receiving. The device 344 retrieves the set of encodedprivate key shares as the temporary private key 356 and the set ofencoded certificate shares as the restricted use certificate 352 fromthe set of authentication units 346 based on the temporary password 354.

The device 344 requests authentication with the certificate authority342 based on the restricted use certificate 352 and the temporaryprivate key 356. The requesting authentication includes generating acertification signature for the restricted use certificate 352 utilizingthe temporary private key 356 to produce a signed restricted usecertificate, generating an authentication request 358 that includes thesigned restricted use certificate, outputting the authentication request358 to the certificate authority 342, and receiving an authenticationresponse 360 that includes an authentication response. Theauthentication response includes at least one of an authenticationconfirmation or an authentication denial.

When authenticated by the certificate authority 342, the device 344generates a public-private key pair (e.g., a new key pair to replace thetemporary public-private key pair). The device 344 generates acertificate signing request (CSR) 362 that includes at least one of apublic key of the public-private key pair and a certification signatureof the CSR utilizing a private key of the public-private key pair. Thedevice 344 outputs the CSR 362 to the certificate authority 342. Thecertificate authority 342 authenticates the CSR 362 utilizing thepublic-key of the public-private key pair. When authenticated, thecertificate authority 342 generates a certificate authority signedcertificate 364. The device 344 receives, from the certificateauthority, the CA signed certificate 364. The device 344 generates anaccess request 366 using the CA signed certificate 364 to access theDSN.

FIG. 16B is a schematic block diagram of another embodiment of anauthentication system that includes computing devices 370-372, acertificate authority 342, a set of authentication units 346, and a DSN348. The set of authentication units 346 includes two or moreauthentication units 350. The computing device 370 may be utilized toimplement a managing unit (e.g., a dispersed storage (DS) managing unit)and computing device 372 may be utilized to implement a device (e.g., auser device, a DS processing unit, etc.). The computing device 370includes a DS module 374 and computing device 372 includes a DS module376. The DS module 374 includes a generate temporary information module378, an encode key module 380, an encode certificate module 382, and anoutput module 384. The DS module 376 includes an obtain temporaryinformation module 386, an authentication module 388, an acquirecertificate module 390, and a save access information module 392.

The generate temporary information module 378 generates a temporarypublic-private key pair for computing device 372. The generate temporaryinformation module 378 may generate the temporary public-private keypair utilizing a public key infrastructure (PKI) approach such that thepublic-private key pair includes a temporary public key and a temporaryprivate key 356. The generate temporary information module 378generates, for the computing device 372, a restricted use certificate352 that includes the temporary public key of the temporarypublic-private key pair. The generate temporary information module 378generates the restricted use certificate 352 by generating therestricted use certificate 352 to include the temporary public key ofthe temporary public-private key pair and at least one of, a subjectidentifier (ID) field value that includes an authenticating device ID, anumber of uses field value (e.g., 1), a time validity indicator (e.g., 1day), an issuer universally unique identifier (UUID) (e.g., of computingdevice 370, of the certificate authority 342), an algorithm ID, anissuer name (e.g., of computing device 370, of the certificate authority342), and a public key algorithm.

The generate temporary information module 378 generates a temporarypassword 354 for the computing device 372. The generating includes atleast one of generating a random alphanumeric string of a predeterminednumber of characters, retrieving the temporary password 354 from atemporary password list, and receiving the temporary password 354 (e.g.,from an add a new user process, from a reset a user password process).

The encode key module 380 encodes, in accordance with a distributedauthentication protocol and using the temporary password 354, thetemporary private key 356 and of the temporary public-private key pairto produce a set of encoded private key shares 394. The encode keymodule 380 encodes the temporary private key 356 utilizing a series ofsteps. In a first step, the encode key module 380 applies a shareencoding function on the temporary private key 356 to produce a set ofencoded shares. In a second step, the encode key module 380 generates aset of random numbers. In a third step, the encode key module 380generates a set of hidden passwords based on the temporary password 354.In a fourth step, for each encoded share of the set of encoded shares,the encode key module 380 generates an encryption key based on acorresponding one of the set of hidden passwords and a corresponding oneof the set of random numbers and encrypts the encoded share utilizingthe encryption key to produce an encrypted share. In a fifth step, theencode key module 380 groups the set of random numbers and a set of theencrypted shares to produce the set of encoded private key shares 394.

The encode certificate module 382 encodes, in accordance with thedistributed authentication protocol and using the temporary password354, the restricted use certificate to produce a set of encodedcertificate shares 396. The encode certificate module 382 encodes therestricted use certificate 352 utilizing a series of steps. In a firststep, the encode certificate module 382 applies the share encodingfunction on the restricted use certificate to produce a set of encodedshares. In a second step, the encode certificate module 382 generates aset of random numbers (e.g., or utilizes the random numbers utilized inassociation with the encoding of the set of encoded private key shares394). In a third step, the encode certificate module 382 generates a setof hidden passwords (e.g., or utilizes the hidden passwords utilized inassociation with the encoding of the set of encoded private key shares394) based on the temporary password 354. In a fourth step, for eachencoded share of the set of encoded shares, the encode certificatemodule 382 generates an encryption key (e.g., or utilizes acorresponding encryption key utilized in association with the encodingof the set of encoded private key shares 394) based on a correspondingone of the set of hidden passwords and a corresponding one of the set ofrandom numbers and encrypts the encoded share utilizing the encryptionkey to produce an encrypted share. In a fifth step, the encodecertificate module 382 groups the set of random numbers and a set of theencrypted shares to produce the set of encoded certificate shares.

The output module 384 outputs the set of encoded private key shares 394and the set of encoded certificate shares 396 to the set ofauthentication units 346. Alternatively, or in addition to, the outputmodule 384 stores the encoded private key shares 394 and/or the encodedcertificate shares 396 in one or more of a token device memory, a localmemory, a memory of computing device 372, and DSN memory of the DSN 348.The output module 384 outputs the temporary password 354 to thecomputing device 372 such that, when the computing device 372 retrievesthe set of encoded private key shares 394 and the set of encodedcertificate shares 396 from the set of authentication units 346, thecomputing device 372 is able to recapture the temporary private key 356and the restricted use certificate 352 to obtain a signed certificatefor accessing the DSN 348.

With regards to accessing the DSN 348 by the computing device 372, theobtain temporary information module 386 obtains the temporary password354 associated with the temporary public-private key pair. The obtainingincludes at least one of facilitating receiving the temporary password354 from a user input associated with the computing device 372,initiating a query, retrieving from a memory, and receiving fromcomputing device 370. The obtain temporary information module 386retrieves the set of encoded private key shares 394 and the set ofencoded certificate shares 396 from the set of authentication units 346based on the temporary password 354.

The obtain temporary information module 386 retrieves the set of encodedprivate key shares 394 utilizing a series of steps. In a first step, theobtain temporary information module 386 regenerates the set of hiddenpasswords based on the temporary password 354. In a second step, theobtain temporary information module 386 generates a set of blindedpasswords 398 based on the set of hidden passwords and a set of blindedrandom numbers. The obtain temporary information module 386 generatesthe set of blinded random numbers by obtaining a set of base randomnumbers and expanding each base random number of the set of base randomnumbers based on security parameters to produce the set of blindedrandom numbers. In a third step, the obtain temporary information module386 outputs the set of blinded passwords 398 to the set ofauthentication units 346. In a fourth step, the obtain temporaryinformation module 386 receives a set of passkeys 400 from the set ofauthentication units 346. Each authentication unit 350 of the set ofauthentication units 346 generates a passkey of the set of passkeys 400based on a corresponding blinded password of the set of blindedpasswords 398 and a recovered random number of a set of recovered randomnumbers (e.g., retrieved from a memory of the authentication unit 350).In a fifth step, the obtain temporary information module 386 generates aset of decryption keys based on the set of blinded random numbers andthe set of passkeys 400. In a sixth step, the obtain temporaryinformation module 386 retrieves the set of encrypted shares, previouslystored as the set of encoded private key shares 394, from the set ofauthentication units 346. In a seventh step, the obtain temporaryinformation module 386 decrypts the set of encrypted shares utilizingthe set of decryption keys to produce a set of shares. In an eight step,the obtain temporary information module 386 decodes the set of shares toreproduce the temporary private key 356.

The obtain temporary information module 386 retrieves the set of encodedcertificate shares utilizing a series of steps. In a first step, theobtain temporary information module 386 regenerates the set of hiddenpasswords based on the temporary password 354. Alternatively, the obtaintemporary information module 386 utilizes the set of hidden passwordsgenerated with regards to retrieving the set of encoded private keyshares 394. In a second step, the obtain temporary information module386 generates a set of blinded passwords 398 based on the set of hiddenpasswords and the set of blinded random numbers. Alternatively, theobtain temporary information module 386 utilizes the set of blindedpasswords 398 generated with regards to retrieving the set of encodedprivate key shares 394. In a third step, the obtain temporaryinformation module 386 outputs the set of blinded passwords 398 to theset of authentication units 346. In a fourth step, the obtain temporaryinformation module 386 receives a set of passkeys 400 from the set ofauthentication units 346. Alternatively, the obtain temporaryinformation module 386 utilizes the set of passkeys 400 received withregards to retrieving the set of encoded private key shares 394. Eachauthentication unit 350 of the set of authentication units 346 generatesa passkey of the set of passkeys 400 based on a corresponding blindedpassword of the set of blinded passwords 398 and a recovered randomnumber of a set of recovered random numbers (e.g., retrieved from amemory of the authentication unit 350).

In a fifth step of retrieving the set of encoded certificate shares, theobtain temporary information module 386 generates a set of decryptionkeys based on the set of blinded random numbers and the set of passkeys400. Alternatively, the obtain temporary information module 386 utilizesthe set of decryption keys generated with regards to retrieving the setof encoded private key shares 394. In a sixth step, the obtain temporaryinformation module 386 retrieves the set of encrypted shares, previouslystored as the set of encoded certificate shares 396, from the set ofauthentication units 346. In a seventh step, the obtain temporaryinformation module 386 decrypts the set of encrypted shares utilizingthe set of decryption keys to produce a set of shares. In an eight step,the obtain temporary information module 386 decodes the set of shares toreproduce the restricted use certificate 352.

The authentication module 388 requests authentication with thecertificate authority 342 based on the restricted use certificate 352and the temporary private key 356. The authentication module 388requests authentication with the certificate authority 342 by generatinga certification signature of the restricted use certificate 352utilizing the temporary private key 356 to produce a signed restricteduse certificate, generating an authentication request 358 that includesthe signed restricted use certificate, outputting the authenticationrequest 358 (e.g., that includes the signed restricted use certificate)to the certificate authority 342, and receiving an authenticationresponse 360 from the certificate authority 342 that includes anauthentication confirmation (e.g., indicating whether the computingdevice 372 is authenticated).

When authenticated by the certificate authority, the acquire certificatemodule 390 generates a public-private key pair (e.g., new keys). Theacquire certificate module 390 outputs a certificate signing request(CSR) 362 to the certificate authority 342. The CSR 362 includes acertificate, which in turn, includes a public key of the public-privatekey pair. The acquire certificate module 390 receives, from thecertificate authority, a CA signed certificate 364 of the certificate.The acquire certificate module 390 is further operable to generate arequest to access 366 the DSN 348 utilizing the CA signed certificate364.

The save access information module 392 generates a device password forthe computing device 372 (e.g., a new password). The save accessinformation module 392 encodes, in accordance with the distributedauthentication protocol and using the device password, a private key 402of the public-private key pair to produce a set of encoded private keyshares 404. The save access information module 392 encodes, inaccordance with the distributed authentication protocol and using thepassword, the CA signed certificate 364 to produce a set of encodedcertificate shares 406. The save access information module 392 outputsthe set of encoded private key shares 404 and the set of encodedcertificate shares 406 to the set of authentication units 346 forstorage therein.

FIG. 16C is a flow chart illustrating an example of generating temporaryaccess rights. The method begins at step 410 where a processing module(e.g., of a managing unit) generates a temporary public-private key pairfor a device. The method continues at step 412 where the processingmodule generates, for the device, a restricted use certificate thatincludes a temporary public key of the temporary public-private keypair. The generating the restricted use certificate includes generatingthe restricted use certificate to include the temporary public key ofthe temporary public-private key pair and at least one of a subjectidentifier (ID) field value that includes an authenticating device ID, anumber of uses field value, a time validity indicator, an issueruniversally unique identifier (UUID), an algorithm ID, an issuer name,and public key algorithm.

The method continues at step 414 where the processing module generates atemporary password for the device. The generation includes at least oneof generating a random alphanumeric string of a predetermined number ofcharacters, retrieving the temporary password from a temporary passwordlist, and receiving the temporary password (e.g., from an add a new userprocess, from a reset a user password process).

The method continues at step 416 where the processing module encodes, inaccordance with a distributed authentication protocol and using thetemporary password, a temporary private key of the temporarypublic-private key pair to produce a set of encoded private key shares.The encoding the temporary private key in accordance with thedistributed authentication protocol includes a sequence of severalsteps. In a first step, the processing module applies a share encodingfunction on the temporary private key to produce a set of encodedshares. The share encoding function includes at least one of a dispersedstorage error encoding function and a secret sharing function (e.g., aShamir secret sharing algorithm). In a second step, the processingmodule generates a set of random numbers. For example, the processingmodule generates each random number of the set of random numbers to havea same number of bits as a number of bits of p, where p is determined bysecurity parameters (e.g., of dispersed storage error codingparameters).

In a third step of encoding the temporary private key, the processingmodule generates a set of hidden passwords based on the temporarypassword. The generating of the set of hidden passwords includestransforming the temporary password in accordance with a set oftransformation functions to produce a set of transformed authenticatingvalues and for each password of the corresponding set of hiddenpasswords, combining, in accordance with a combining function, one ofthe set of transformed authenticating values with at least one of aconstant and another one of the set of transformed authenticating valuesto produce the password. The transformation function includes at leastone of a null function, a concatenation function, an inverting function,a hashing function, an encryption function, a compressing function, anda mask generating function. The combining function includes at least oneof an addition function, a subtraction function, a multiplicationfunction, a division function, a logical exclusive OR function, alogical OR function, and a logical AND function. In an instance, eachhidden password is unique from all the other hidden passwords. Inanother instance, each hidden password is substantially the same as allthe other hidden passwords.

In a fourth step of encoding the temporary private key, for each encodedshare of the set of encoded shares, the processing module generates anencryption key based on a corresponding one of the set of hiddenpasswords and a corresponding one of the set of random numbers andencrypts the encoded share utilizing the encryption key to produce anencrypted share. The encryption key includes a same number of bits as anumber of bits of p. For example, the processing module generates theencryption key by transforming an expansion of the corresponding one ofthe set of hidden passwords utilizing a mask generating function (MGF)and the corresponding one of the set of random numbers in accordancewith the expression: key x=((MGF (hidden password))²)^(e) _(x) modulo p,where ^(e) _(x) is the corresponding one random number. In a fifth stepof encoding the temporary private key, the processing module groups theset of random numbers and a set of the encrypted shares to produce theset of encoded private key shares.

The method continues at step 418 where the processing module encodes, inaccordance with the distributed authentication protocol and using thetemporary password, the restricted use certificate to produce a set ofencoded certificate shares. The encoding the restricted use certificatein accordance with the distributed authentication protocol includesanother sequence of several steps. In a first step, the processingmodule applies the share encoding function on the restricted usecertificate to produce another set of encoded shares. Alternatively, theprocessing module encodes the temporary private key and the restricteduse certificate substantially simultaneously. For example, theprocessing module combines the temporary private key and the restricteduse certificate and applies the share encoding function on thecombination to produce the set of encoded shares. In a second step, theprocessing module generates another set of random numbers.Alternatively, the processing module utilizes the set of random numbers.

In a third step of encoding the restricted use certificate, theprocessing module generates another set of hidden passwords based on thetemporary password. The generating of the other set of hidden passwordsincludes transforming the temporary password in accordance with the setof transformation functions to produce another set of transformedauthenticating values and for each password of the corresponding otherset of hidden passwords, combining, in accordance with the combiningfunction, one of the other set of transformed authenticating values withat least one of a constant and another one of the other set oftransformed authenticating values to produce the other hidden password.In an instance, each other hidden password is unique from all the hiddenpasswords of the other set of hidden passwords and the set of hiddenpasswords. In another instance, each other hidden password issubstantially the same as all the other hidden passwords of the otherset of hidden passwords and the set of hidden passwords.

In a fourth step of encoding the restricted use certificate, for eachother encoded share of the other set of encoded shares, the processingmodule generates another encryption key based on a corresponding one ofthe other set of hidden passwords and a corresponding one of the otherset of random numbers and encrypts the other encoded share utilizing theother encryption key to produce another encrypted share. The otherencryption key includes a same number of bits as a number of bits of p.In a fifth step of encoding the restricted use certificate, theprocessing module groups the other set of random numbers and another setof the other encrypted shares to produce the set of encoded certificateshares.

The method continues at step 420 with the processing module outputs theset of encoded private key shares and the set of encoded certificateshares to a set of authentication units. The method continues at step422 where the processing module outputs the temporary password to thedevice such that, when the device retrieves the set of encoded privatekey shares and the set of encoded certificate shares from the set ofauthentication units, the device is able to recapture the temporaryprivate key and the restricted use certificate to obtain a signedcertificate for accessing a distributed storage network (DSN).

FIG. 16D is a flowchart illustrating an example of acquiring accesscredentials. The method begins at step 424 or a processing module (e.g.,of a device) obtains a temporary password associated with a temporarypublic-private key pair. The obtaining includes at least one ofretrieving from a memory, receiving from a managing unit, receiving froma user interface input. The method continues at step 426 where theprocessing module retrieves a set of encoded private key shares and aset of encoded certificate shares from a set of authentication unitsbased on the temporary password. The temporary private key of thetemporary public-private key pair is encoded using a distributedauthentication protocol and the temporary password to produce the set ofencoded private key shares and a restricted use certificate is encodedusing the distributed authentication protocol and the temporary passwordto produce the set of encoded certificate shares.

The retrieving the set of encoded private key shares includes a sequenceof several steps. In a first step, the processing module generates a setof hidden passwords based on the temporary password. In a second step,the processing module generates a set of blinded passwords based on theset of hidden passwords and a set of blinded random numbers. The set ofblinded passwords are generated such that each blinded password includesa same number of bits as a number of bits of a security parameter p. Forexample, the processing module generates the set of blinded passwords bytransforming an expansion of each hidden password of the set of hiddenpassword into the same number of bits as the security parameter constantp utilizing a mask generating function (MGF) and a corresponding one ofthe set of blinded random numbers in accordance with the expressionblinded password x=((MGF(hidden password x))²)^(b) _(x) modulo p, where^(b) _(x) is a blinded random number x.

In a third step of retrieving the set of encoded private key shares, theprocessing module outputs the set of blinded passwords to the set ofauthentication units in the fourth step, the processing module receivesa set of passkeys from the set of authentication units. Eachauthentication unit of the set of authentication units generates apasskey of the set of passkeys based on a corresponding blinded passwordof the set of blinded passwords and a recovered random number of a setof recovered random numbers. For example, an authentication unit of theset of authentication units generates the passkey of the set of passkeysbased on the corresponding blinded password of the set of blindedpasswords and the recovered random number of the set of recovered randomnumbers in accordance with an passkey x=(blinded password x)^(e) _(x)modulo p, where ^(e) _(x) is the corresponding recovered random number.

In a fourth step of retrieving the set of encoded private key shares,the processing module generates a set of decryption keys based on theset of blinded random numbers and the set of passkeys. The generatingincludes generating a set of values based on the set of blinded randomnumbers and generating the set of decryption keys based on the set ofvalues and the set of passkeys. The generating the set of valuesincludes transforming the set of blinded random numbers utilizing amodulo function based on security parameters to produce the set ofvalues. The generating the set of decryption keys based on the set ofvalues and the set of passkeys includes, for each passkey of the set ofpasskeys, transforming the passkey utilizing a modulo function based onsecurity parameters and a corresponding value of the set of values toproduce a decryption key of the set of decryption keys.

In a fifth step of retrieving the set of encoded private key shares, theprocessing module retrieves a set of encrypted shares from the set ofauthentication units. For example, the processing module identifies theset of encrypted shares, generates a set of encrypted share requeststhat includes identity of the set of encrypted shares, outputs the setof encrypted share requests to the set of authenticating units, andreceives the set of encrypted shares from the set of authenticationunits. In a sixth step, the processing module decrypts the set ofencrypted shares utilizing the set of decryption keys to produce a setof shares. In a seven step, the processing module decodes the set ofshares to reproduce the temporary private key.

The retrieving the set of encoded certificate shares includes anothersequence of steps. In a first step, processing module generates anotherset of hidden passwords based on the temporary password. Alternatively,processing module utilizes the set of hidden passwords. In a secondstep, the processing module generates another set of blinded passwordsbased on the other set of hidden passwords and another set of blindedrandom numbers. Alternatively, the processing module utilizes the set ofblinded passwords.

In a third step of retrieving the set of encoded certificate shares, theprocessing module outputs the other set of blinded passwords to the setof authentication units. In a fourth step, the processing modulereceives another set of passkeys from the set of authentication units.In a fourth step, the processing module generates another set ofdecryption keys based on the other set of blinded random numbers and theother set of passkeys. Alternatively, the processing module utilizes theset of decryption keys. The generating includes generating another setof values based on the other set of blinded random numbers andgenerating the other set of decryption keys based on the other set ofvalues and the other set of passkeys. The generating the other set ofvalues includes transforming the other set of blinded random numbersutilizing a modulo function based on the security parameters to producethe other set of values. The generating the other set of decryption keysbased on the other set of values and the other set of passkeys includes,for each passkey of the other set of passkeys, transforming the passkeyutilizing a modulo function based on the security parameters and acorresponding value of the other set of values to produce a decryptionkey of the other set of decryption keys.

In a fifth step of retrieving the set of encoded certificate shares, theprocessing module retrieves another set of encrypted shares from the setof authentication units. For example, the processing module identifiesthe other set of encrypted shares, generates another set of encryptedshare requests that includes identity of the other set of encryptedshares, outputs the other set of encrypted share requests to the set ofauthenticating units, and receives the other set of encrypted sharesfrom the set of authentication units. In a sixth step, the processingmodule decrypts the other set of encrypted shares utilizing the otherset of decryption keys to produce another set of shares. In a sevenstep, the processing module decodes the other set of shares to reproducerestricted use certificate.

The method continues at step 428 where the processing module requestsauthentication with a certificate authority based on the restricted usecertificate and the temporary private key. The requesting authenticationwith the certificate authority includes generating a certificationsignature of the restricted use certificate utilizing the temporaryprivate key to produce a signed restricted use certificate, outputtingthe signed restricted use certificate to the certificate authority, andreceiving an authentication confirmation from the certificate authority.When authenticated by the certificate authority, the method continues atstep 430 where the processing module generates a public-private key pair(e.g., new keys). The method continues at step 432 where the processingmodule outputs a certificate signing request (CSR) to the certificateauthority (CA), wherein the CSR includes a certificate, which in turn,includes a public key of the public-private key pair. The methodcontinues at step 434 where the processing module receives, from thecertificate authority, a CA signed certificate of the certificate. Themethod continues at step 436 where the processing module generates arequest to access a dispersed storage network (DSN) utilizing the CAsigned certificate.

The method continues at step 438 where the processing module generates adevice password for the device (e.g., a new password). The methodcontinues at step 440 where the processing module encodes, in accordancewith the distributed authentication protocol and using the devicepassword, a private key of the public-private key pair to produce a setof encoded private key shares. The method continues at step 442 wherethe processing module encodes, in accordance with the distributedauthentication protocol and using the temporary password, the CA signedcertificate to produce a set of encoded certificate shares. The methodcontinues at step 444 where the processing module outputs the set ofencoded private key shares and the set of encoded certificate shares tothe set of authentication units for storage therein.

FIG. 17A is a schematic block diagram of another embodiment of acomputing system that includes a dispersed storage (DS) processing 34and a dispersed storage network (DSN) memory 22. The DSN memory 22includes a plurality of DS units 36. Each DS unit 36 of the plurality ofDS units 36 includes a DS processing 34 and a memory 450. The memory 450may be utilized to store slices 452 and integrity values 454. In anexample of operation, data 456 is received by the DS processing 34. TheDS processing 34 encodes a portion of the data 456 utilizing a dispersedstorage error coding function to produce at least one set of encodeddata slices 452. The utilization of the dispersed storage error codingfunction includes utilizing a pillar width parameter n and a decodethreshold parameter. The at least one set of encoded data slices 452includes a pillar width number n of encoded data slices (e.g., slices1-n). Next, the DS processing 34 outputs the at least one set of slices452 to a corresponding set of DS units 36 of the plurality of DS units36. The outputting includes identifying the set of DS units 36 based onat least one of a storage set list, a predetermination, and a DS unitperformance level.

The DS processing 34 generates a set of integrity values 454corresponding to the at least one set of encoded data slices 452. Thegenerating includes applying a deterministic function to a correspondingencoded data slice of the at least one set of encoded data slices 452 toproduce a corresponding integrity value of the set of integrity values454. The deterministic function includes at least one of a hashingfunction, a cyclic redundancy check (CRC) function, a hash-based messageauthentication code (HMC) function, and a masked generating function(MGF). The set of integrity values 454 includes an integrity value foreach encoded data slice of the at least one set of encoded data slices452. For example, the set of integrity values 454 includes an integrityvalue for each encoded data slice of a set of encoded data slices 1-16when the pillar width is 16 and the set of encoded data slices 452includes 16 encoded data slices.

The DS processing 34 outputs the set of integrity values 454 to each DSunit 36 of the set of DS units 36. For each DS unit 36 of the set of DSunits 36, a DS unit receives an encoded data slice of the at least oneset of encoded data slices 452 and stores the encoded data slice inmemory 450 associated with the DS unit. The DS unit receives the set ofintegrity values 454 and stores the set of integrity values 454 in thememory 450. As such, each DS unit 36 of the set of DS units 36 storesthe set of integrity values 454 pertaining a corresponding encoded dataslice stored in the DS unit and to other encoded data slices of the atleast one set of encoded data slice 452. The DS unit may subsequentlyutilize an integrity value of the set of integrity values stored inmemory 450 that pertains to the corresponding encoded data slice andretrieve an integrity value from other DS units of the set of DS units36 that pertains to the corresponding encoded data slice to validate thecorresponding encoded data slice. The validation method is discussed ingreater detail with reference to FIG. 17B-C.

FIG. 17B is a schematic block diagram of another embodiment of acomputing system that includes a computing device 462 and a dispersedstorage network (DSN) memory 22. The DSN memory 22 includes a pluralityof dispersed storage (DS) units 36. The computing device 462 may beimplemented as at least one of a DS unit, a DS processing unit, and auser device. The computing device 462 includes a DS module 464 and amemory 450. The DS module 464 includes a selection module 466, anintegrity information module 468, an analysis module 470, and anidentification module 472.

When operable, the system functions to detect intentional corruption ofa data slice 474 stored in the memory 450. The intentional corruption ofthe data slice 474 may accompany a corresponding intentional corruptionof local integrity information 476 associated with the data slice 474.The system may become operable for a variety of reasons including one ormore of when detecting an unauthorized changing of the data slice 474and/or the local integrity information 476 associated with the dataslice 474, upon access of the DSN memory 22, and upon rebuilding thedata slice 474. The local integrity information 476 includes at leastone of integrity information of the data slice that is stored in thememory 450 and integrity information of the data slice that iscalculated by the computing device 462. The integrity information 476 ofthe data slice includes a result of a deterministic function operationon the data slice 474.

The selection module 466 selects the data slice 474 for corruptionanalysis. For example, the selection module 466 produces a slice name478 associated with the data slice 474. The selection module 466 selectsthe data slice 474 by one of a variety of approaches. A first approachincludes executing a random selection process. A second approachincludes receiving a read request for the data slice 474. A thirdapproach includes determining that calculated integrity information doesnot match the local integrity information 476 stored in the memory 450.For example, a hash digest is calculated for the data slice 474 storedin the memory 450 compares unfavorably (e.g., unfavorable when notsubstantially the same) to retrieved local integrity information 476 forthe data slice 474 when a format of the local integrity information 476includes a hash format. A fourth approach includes receiving a rebuildrequest for the data slice 474. A fifth approach includes receiving anerror message regarding the data slice 474 (e.g., at a set of dataslices level, at data object level, at file name level, at data slicelevel).

The integrity information module 468 requests integrity information 476for the data slice 474 from one or more other DS units 36 of the DSNmemory 22. For example, the integrity information module 468 generatesone or more integrity information requests 480 that includes the slicename 478 corresponding to the data slice 474. The integrity informationmodule 468 may select the one or more DS units 36 utilizing at least oneof a variety of approaches. A first approach includes an arbitraryselection process from a set of DS units 36. The set of DS units 36,including the computing device 462, store a set of data slices thatincludes the data slice 474. For example, the integrity informationmodule 468 selects identical DS units 36 as DS units 36 utilized tostore the set of data slices. A second approach includes a securitybased selection process from the set of DS units. For example, theintegrity information module 468 selects the one or more DS units 36such that the one or more DS units 36 are associated with a favorablelevel of security. A third approach includes a decode threshold numberbased selection process from the set of DS units 36. For example, theintegrity information module 468 identifies the decode threshold number(e.g., a lookup) and selects the one or more DS units 36 to include thedecode threshold number of DS units 36.

The analysis module 470, when the one or more requested integrityinformation 476 is received, analyzes the one or more received integrityinformation 476 and local integrity information 476 of the data slice474 stored in the memory 450 to produce an analysis 482. The analysismodule 470 analyzes by one of verifying concurrency of the one or morereceived integrity information 476 and the local integrity information476 (e.g., all match) and verifying that the local integrity information476 substantially matches a threshold number of the one or more receivedintegrity information 476 (e.g., a majority of the one or more receivedintegrity information matches, each of the one or more receivedintegrity information matches, at least a threshold number of the one ormore received integrity information matches).

The identification module 472, when the analysis 482 of the one or morereceived integrity information 476 and the local integrity information476 of the data slice 474 is unfavorable, identifies the data slice 474as being corrupted. For example, the application module 472 produces anidentification 484. The identification module 472 may further identifythe data slice 474 as being corrupted by initiating a rebuilding processto rebuild the identified data slice. The rebuilding process includesone of a partial rebuilding process in which the identified data sliceis rebuilt utilizing a zero information gain approach and a rebuildingprocess in which a data segment is rebuilt from the set of data slicesand the data segment is re-encoded to produce a rebuilt data slice.

FIG. 17C is a flowchart illustrating an example of detecting intentionalcorruption of data. The method begins at step 490 where a processingmodule (e.g., of a dispersed storage (DS) unit of a dispersed storagenetwork (DSN)) selects a data slice for corruption analysis. Theselecting the data slice includes one of a variety of approaches. Afirst approach includes the processing module executing a randomselection process. A second approach includes the processing modulereceiving a read request for the data slice. A third approach includesthe processing module determining that calculated integrity informationdoes not match local integrity information stored in the DS unit. Afourth approach includes the processing module receiving a rebuildrequest for the data slice. A fifth approach includes the processingmodule receiving an error message regarding the data slice.

The method continues at step 492 where the processing module requestsintegrity information for the data slice from one or more other DS unitsof the DSN. The processing module selects the one or more DS units basedon at least one of a variety of selection approaches. In a firstselection approach, the processing module utilizes an arbitraryselection process from a set of DS units. The set of DS units and the DSunit store a set of data slices that includes the data slice. In asecond selection approach, the processing module utilizes a securitybased selection process from the set of DS units. In a third selectionapproach, the processing module utilizes a decode threshold number basedselection process from the set of DS units.

When the one or more requested integrity information is received, themethod continues at step 494 where the processing module analyzes theone or more received integrity information and the local integrityinformation of the data slice stored in the DS unit. The local integrityinformation includes at least one of integrity information of the dataslice that is stored in the DS unit and integrity information of thedata slice that is calculated by the DS unit. The analyzing includes oneof verifying concurrency of the one or more received integrityinformation and the local integrity information and verifying that thelocal integrity information substantially matches a threshold number ofthe one or more received integrity information. For example, theprocessing module produces an analysis that indicates that the one ormore received integrity information and the local integrity informationis concurrent when the one or more received integrity information andthe local integrity information retrieved from a memory of the DS unitsubstantially matches. As another example, the processing moduleproduces the analysis to indicate that the local integrity informationdoes not substantially match the threshold number of the one or morereceived integrity information when two of the one or more receivedintegrity information substantially match the local integrityinformation and the threshold number is three.

When the analysis of the one or more received integrity information andthe local integrity information of the data slice is unfavorable, themethod continues at step 496 where the processing module identifies thedata slice as being corrupted. The identifying the data slice as beingcorrupted further includes initiating a rebuilding process to rebuildthe identified data slice. The rebuilding process includes one of apartial rebuilding process in which the identified data slice is rebuiltand a rebuilding process in which a data segment is rebuilt from a setof data slices and the data segment is re-encoded to produce a rebuilddata slice.

As may be used herein, the terms “substantially” and “approximately”provides an industry-accepted tolerance for its corresponding termand/or relativity between items. Such an industry-accepted toleranceranges from less than one percent to fifty percent and corresponds to,but is not limited to, component values, integrated circuit processvariations, temperature variations, rise and fall times, and/or thermalnoise. Such relativity between items ranges from a difference of a fewpercent to magnitude differences. As may also be used herein, theterm(s) “operably coupled to”, “coupled to”, and/or “coupling” includesdirect coupling between items and/or indirect coupling between items viaan intervening item (e.g., an item includes, but is not limited to, acomponent, an element, a circuit, and/or a module) where, for indirectcoupling, the intervening item does not modify the information of asignal but may adjust its current level, voltage level, and/or powerlevel. As may further be used herein, inferred coupling (i.e., where oneelement is coupled to another element by inference) includes direct andindirect coupling between two items in the same manner as “coupled to”.As may even further be used herein, the term “operable to” or “operablycoupled to” indicates that an item includes one or more of powerconnections, input(s), output(s), etc., to perform, when activated, oneor more its corresponding functions and may further include inferredcoupling to one or more other items. As may still further be usedherein, the term “associated with”, includes direct and/or indirectcoupling of separate items and/or one item being embedded within anotheritem. As may be used herein, the term “compares favorably”, indicatesthat a comparison between two or more items, signals, etc., provides adesired relationship. For example, when the desired relationship is thatsignal 1 has a greater magnitude than signal 2, a favorable comparisonmay be achieved when the magnitude of signal 1 is greater than that ofsignal 2 or when the magnitude of signal 2 is less than that of signal1.

As may also be used herein, the terms “processing module”, “processingcircuit”, and/or “processing unit” may be a single processing device ora plurality of processing devices. Such a processing device may be amicroprocessor, micro-controller, digital signal processor,microcomputer, central processing unit, field programmable gate array,programmable logic device, state machine, logic circuitry, analogcircuitry, digital circuitry, and/or any device that manipulates signals(analog and/or digital) based on hard coding of the circuitry and/oroperational instructions. The processing module, module, processingcircuit, and/or processing unit may be, or further include, memoryand/or an integrated memory element, which may be a single memorydevice, a plurality of memory devices, and/or embedded circuitry ofanother processing module, module, processing circuit, and/or processingunit. Such a memory device may be a read-only memory, random accessmemory, volatile memory, non-volatile memory, static memory, dynamicmemory, flash memory, cache memory, and/or any device that storesdigital information. Note that if the processing module, module,processing circuit, and/or processing unit includes more than oneprocessing device, the processing devices may be centrally located(e.g., directly coupled together via a wired and/or wireless busstructure) or may be distributedly located (e.g., cloud computing viaindirect coupling via a local area network and/or a wide area network).Further note that if the processing module, module, processing circuit,and/or processing unit implements one or more of its functions via astate machine, analog circuitry, digital circuitry, and/or logiccircuitry, the memory and/or memory element storing the correspondingoperational instructions may be embedded within, or external to, thecircuitry comprising the state machine, analog circuitry, digitalcircuitry, and/or logic circuitry. Still further note that, the memoryelement may store, and the processing module, module, processingcircuit, and/or processing unit executes, hard coded and/or operationalinstructions corresponding to at least some of the steps and/orfunctions illustrated in one or more of the Figures. Such a memorydevice or memory element can be included in an article of manufacture.

The present invention has been described above with the aid of methodsteps illustrating the performance of specified functions andrelationships thereof. The boundaries and sequence of these functionalbuilding blocks and method steps have been arbitrarily defined hereinfor convenience of description. Alternate boundaries and sequences canbe defined so long as the specified functions and relationships areappropriately performed. Any such alternate boundaries or sequences arethus within the scope and spirit of the claimed invention. Further, theboundaries of these functional building blocks have been arbitrarilydefined for convenience of description. Alternate boundaries could bedefined as long as the certain significant functions are appropriatelyperformed. Similarly, flow diagram blocks may also have been arbitrarilydefined herein to illustrate certain significant functionality. To theextent used, the flow diagram block boundaries and sequence could havebeen defined otherwise and still perform the certain significantfunctionality. Such alternate definitions of both functional buildingblocks and flow diagram blocks and sequences are thus within the scopeand spirit of the claimed invention. One of average skill in the artwill also recognize that the functional building blocks, and otherillustrative blocks, modules and components herein, can be implementedas illustrated or by discrete components, application specificintegrated circuits, processors executing appropriate software and thelike or any combination thereof.

The present invention may have also been described, at least in part, interms of one or more embodiments. An embodiment of the present inventionis used herein to illustrate the present invention, an aspect thereof, afeature thereof, a concept thereof, and/or an example thereof. Aphysical embodiment of an apparatus, an article of manufacture, amachine, and/or of a process that embodies the present invention mayinclude one or more of the aspects, features, concepts, examples, etc.,described with reference to one or more of the embodiments discussedherein. Further, from figure to figure, the embodiments may incorporatethe same or similarly named functions, steps, modules, etc., that mayuse the same or different reference numbers and, as such, the functions,steps, modules, etc., may be the same or similar functions, steps,modules, etc., or different ones.

While the transistors in the above described figure(s) is/are shown asfield effect transistors (FETs), as one of ordinary skill in the artwill appreciate, the transistors may be implemented using any type oftransistor structure including, but not limited to, bipolar, metal oxidesemiconductor field effect transistors (MOSFET), N-well transistors,P-well transistors, enhancement mode, depletion mode, and zero voltagethreshold (VT) transistors.

Unless specifically stated to the contra, signals to, from, and/orbetween elements in a figure of any of the figures presented herein maybe analog or digital, continuous time or discrete time, and single-endedor differential. For instance, if a signal path is shown as asingle-ended path, it also represents a differential signal path.Similarly, if a signal path is shown as a differential path, it alsorepresents a single-ended signal path. While one or more particulararchitectures are described herein, other architectures can likewise beimplemented that use one or more data buses not expressly shown, directconnectivity between elements, and/or indirect coupling between otherelements as recognized by one of average skill in the art.

The term “module” is used in the description of the various embodimentsof the present invention. A module includes a processing module, afunctional block, hardware, and/or software stored on memory forperforming one or more functions as may be described herein. Note that,if the module is implemented via hardware, the hardware may operateindependently and/or in conjunction software and/or firmware. As usedherein, a module may contain one or more sub-modules, each of which maybe one or more modules.

While particular combinations of various functions and features of thepresent invention have been expressly described herein, othercombinations of these features and functions are likewise possible. Thepresent invention is not limited by the particular examples disclosedherein and expressly incorporates these other combinations.

What is claimed is:
 1. A method comprises: affiliating an authenticationtoken with user information of a user; generating a private/public keypairing associated with the user information; applying a share encodingfunction on a private key of the private/public key pairing to produce aset of encoded shares; generating a set of random numbers; generating aset of hidden passwords based on the user information; generating a setof encryption keys based on the set of hidden passwords and the set ofrandom numbers; encrypting the set of encoded shares utilizing the setof encryption keys to produce a set of encrypted shares; outputting theset of encrypted shares to the authentication token for storage therein;and outputting the set of random numbers to a set of authenticatingunits.
 2. The method of claim 1, wherein the share encoding functioncomprises at least one of: a dispersed storage error encoding function;and a secret sharing function.
 3. The method of claim 1, wherein thegenerating the set of random numbers comprises: obtaining a set of baserandom numbers; and expanding each base random number of the set of baserandom numbers based on security parameters to produce the set of randomnumbers.
 4. The method of claim 1, wherein the generating the set ofhidden passwords comprises: transforming a set of personalizedauthenticating values of the user information in accordance with a setof transformation functions to produce a set of transformed personalizedauthenticating values; and for each password of the set of hiddenpasswords: combining, in accordance with a combining function, one ofthe set of transformed personalized authenticating values with at leastone of a constant and another one of the set of transformed personalizedauthenticating values to produce the password.
 5. The method of claim 1further comprises: for each encoded share of the set of encoded shares:generating an encryption key based on a corresponding one of the set ofhidden passwords and a corresponding one of the set of random numbers;and encrypting the encoded share utilizing the encryption key to producean encrypted share.
 6. A managing unit comprises: a first module, whenoperable within a computing device, causes the computing device to:affiliate an authentication token with user information of a user;generate a private/public key pairing associated with the userinformation; and apply a share encoding function on a private key of theprivate/public key pairing to produce a set of encoded shares; a secondmodule, when operable within a computing device, causes the computingdevice to: generate a set of random numbers; a third module, whenoperable within a computing device, causes the computing device to:generate a set of hidden passwords based on the user information; afourth module, when operable within a computing device, causes thecomputing device to: generate a set of encryption keys based on the setof hidden passwords and the set of random numbers; and encrypt the setof encoded shares utilizing the set of encryption keys to produce a setof encrypted shares; and a fifth module, when operable within acomputing device, causes the computing device to: output the set ofencrypted shares to the authentication token for storage therein; andoutput the set of random numbers to a set of authenticating units. 7.The managing unit of claim 6, wherein the share encoding functioncomprises at least one of: a dispersed storage error encoding function;and a secret sharing function.
 8. The managing unit of claim 6, whereinthe second module, when operable, generates the set of random numbersby: obtaining a set of base random numbers; and expanding each baserandom number of the set of base random numbers based on securityparameters to produce the set of random numbers.
 9. The managing unit ofclaim 6, wherein the third module, when operable, generates the set ofhidden passwords by: transforming a set of personalized authenticatingvalues of the user information in accordance with a set oftransformation functions to produce a set of transformed personalizedauthenticating values; and for each hidden password of the set of hiddenpasswords: combining, in accordance with a combining function, one ofthe set of transformed personalized authenticating values with at leastone of a constant and another one of the set of transformed personalizedauthenticating values to produce the hidden password.
 10. The managingunit of claim 6 further comprises: the fourth module is further operableto, for each encoded share of the set of encoded shares: generate anencryption key based on a corresponding one of the set of hiddenpasswords and a corresponding one of the set of random numbers; andencrypt the encoded share utilizing the encryption key to produce anencrypted share.